Improper Export of Android Application Components in Call Settings by Samsung
CVE-2023-21486

4.6MEDIUM

Key Information:

Vendor: Samsung
Status: Samsung Mobile Devices
Vendor: CVE Published:; 4 May 2023

Summary

A vulnerability exists in the Call Settings application, specifically in the ImagePreviewActivity, where improper export of Android application components could potentially allow physical attackers to gain unauthorized access to certain media data stored in the device's sandbox environment. This flaw may expose sensitive user data, emphasizing the need for robust security practices in mobile application design and development.

Affected Version(s)

Samsung Mobile Devices Android 11, 12, 13

References

https://security.samsungmobile.com/securityUpdate.smsb?ye...

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 4, 2023
Vulnerability Reserved
Nov 14, 2022