Improper Access Control in Samsung Calendar on Android Devices
CVE-2022-39915

3.3LOW

Key Information:

Vendor: Samsung
Status: Samsung Calendar
Vendor: CVE Published:; 8 December 2022

Summary

An improper access control vulnerability in Samsung Calendar allows unauthorized access to sensitive information through implicit intents. This vulnerability affects versions released before 11.6.08.0 for Android Q (10), 12.2.11.3000 for Android R (11), 12.3.07.2000 for Android S (12), and 12.4.02.0 for Android T (13). Attackers can exploit this flaw to gain exposure to confidential data, posing significant privacy risks to users.

Affected Version(s)

Samsung Calendar < 11.6.08.0 in Android Q(10), 12.2.11.3000 in Android R(11), 12.3.07.2000 in Android S(12), and 12.4.02.0 in Android T(13)

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 8, 2022
Vulnerability Reserved
Sep 5, 2022