Improper Privilege Management in Samsung Account Affects User Data Exposure
CVE-2022-30739

4MEDIUM

Key Information:

Vendor: Samsung
Status: Samsung Account
Vendor: CVE Published:; 7 June 2022

Summary

An improper privilege management vulnerability in the Samsung Account prior to version 13.2.00.6 enables attackers with normal user permissions to retrieve sensitive user information, such as email addresses and phone numbers. This flaw poses significant risks to user privacy and data security, allowing unauthorized access to personal information. Users are urged to apply updates to their Samsung Account to safeguard against potential exploitation.

Affected Version(s)

Samsung Account < 13.2.00.6

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

x_refsource_MISC

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 7, 2022
Vulnerability Reserved
May 16, 2022