Improper Access Control in Reminder by Samsung for Android Devices
CVE-2022-23433

4.3MEDIUM

Key Information:

Vendor: Samsung
Status: Reminder
Vendor: CVE Published:; 11 February 2022

Summary

The Reminder app by Samsung exhibits an improper access control vulnerability in multiple versions across different Android platforms. This flaw enables unauthorized users to register reminders or carry out exported activities remotely, potentially leading to significant security risks for users. It is crucial for affected users to update their applications to the latest versions to mitigate this vulnerability and protect their data.

Affected Version(s)

Reminder - < 12.3.01.3000 in Android S(12), 12.2.05.6000 in Android R(11) and 11.6.08.6000 in Andoid Q(10)

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

x_refsource_MISC

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 11, 2022
Vulnerability Reserved
Jan 18, 2022