Path Traversal Vulnerability in Samsung Flow Before Version 4.8.07.4
CVE-2022-28543

4MEDIUM

Key Information:

Vendor: Samsung
Status: Samsung Flow
Vendor: CVE Published:; 11 April 2022

What is CVE-2022-28543?

A path traversal vulnerability exists in Samsung Flow that allows local attackers to access and read arbitrary files on the system with the same permissions as the application, potentially exposing sensitive information. This flaw affects versions of Samsung Flow prior to 4.8.07.4, posing a risk to users who have not updated their software.

Affected Version(s)

Samsung Flow - < 4.8.07.4

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

x_refsource_MISC

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 11, 2022
Vulnerability Reserved
Apr 4, 2022