Improper Access Control in Samsung Health Application
CVE-2023-30737

4MEDIUM

Key Information:

Vendor: Samsung
Status: Samsung Health
Vendor: CVE Published:; 4 October 2023

What is CVE-2023-30737?

A vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers to exploit improper access control mechanisms, potentially granting unauthorized access to sensitive user information through implicit intent. This security flaw underscores the importance of robust access controls in mobile applications to safeguard personal data.

Affected Version(s)

Samsung Health 6.24.3.007

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 4, 2023
Vulnerability Reserved
Apr 14, 2023