Improper Access Control in Samsung Calendar for Android Devices
CVE-2023-21464

3.3LOW

Key Information:

Vendor: Samsung
Status: Samsung Calendar
Vendor: CVE Published:; 16 March 2023

Summary

A vulnerability in Samsung Calendar allows a local attacker to manipulate the application's status due to improper access control. This affects versions prior to 12.4.02.9000 on Android 13 and 12.3.08.2000 on Android 12, potentially enabling malicious individuals to exploit this flaw and alter application functionality without proper permissions.

Affected Version(s)

Samsung Calendar < 12.4.02.9000 in Android 13 and 12.3.08.2000 in Android 12

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 16, 2023
Vulnerability Reserved
Nov 14, 2022