Improper Input Sanitization in Samsung Galaxy Store
CVE-2022-28542

6.8MEDIUM

Key Information:

Vendor: Samsung
Status: Galaxy Store
Vendor: CVE Published:; 11 April 2022

What is CVE-2022-28542?

The Galaxy Store prior to version 4.5.40.5 has a vulnerability that stems from improper sanitization of incoming intents. This flaw enables local attackers to exploit the application, potentially granting them unauthorized access to privileged content providers that are normally secured by Galaxy Store permissions. Due to this vulnerability, sensitive user data may be exposed, leading to further security risks.

Affected Version(s)

Galaxy Store - < 4.5.40.5

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

x_refsource_MISC

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 11, 2022
Vulnerability Reserved
Apr 4, 2022