Improper Access Control in Samsung Members Application
CVE-2022-28777

4.3 MEDIUM

Key Information:

Vendor: Samsung
CVE Published: 11 April 2022

Summary

An improper access control vulnerability exists in the Samsung Members application, allowing a local attacker to execute call functions without the necessary CALL_PHONE permission. This flaw affects versions prior to 13.6.08.5 and puts users at risk of unauthorized call actions. Users of the Samsung Members app should update to the latest version to mitigate this vulnerability.

Affected Version(s)

Samsung Members - < 13.6.08.5

CVSS V3.1

Score: 4.3
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
