Improper Access Control in Galaxy Store by Samsung
CVE-2023-21433

7.8HIGH

Key Information:

Vendor: Samsung
Status: Galaxy Store
Vendor: CVE Published:; 9 February 2023

What is CVE-2023-21433?

An improper access control vulnerability has been identified in Galaxy Store, prior to version 4.5.49.8, permitting local attackers to exploit the system and install applications without proper authorization. This flaw poses significant risks to users, as it could lead to unauthorized app installations that may compromise device security and user data integrity.

Affected Version(s)

Galaxy Store < 4.5.49.8

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 9, 2023
Vulnerability Reserved
Nov 14, 2022