CVE-2024-20870

3 documents3 sources
Severity
5.5MEDIUM
EPSS
0.1%
top 71.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Samsung Galaxy Store
Timeline
PublishedMay 7

Description

Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.71.8 allows local attackers to write arbitrary files with the privilege of Galaxy Store.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:LExploitability: 2.5 | Impact: 2.5

Affected Packages1 packages

NVDsamsung/galaxy_store< 4.5.71.8

🔴Vulnerability Details

2
CVEList
CVE-2024-20870: Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 42024-05-07
GHSA
GHSA-rmxp-h7fr-q442: Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 42024-05-07
CVE-2024-20870 (MEDIUM CVSS 5.5) | Improper verification of intent by | cvebase.io