PendingIntent Hijacking Vulnerability in Samsung Health by Samsung
CVE-2023-42539

5.5MEDIUM

Key Information:

Vendor: Samsung
Status: Samsung Health
Vendor: CVE Published:; 7 November 2023

What is CVE-2023-42539?

A PendingIntent hijacking vulnerability exists in the ChallengeNotificationManager of Samsung Health, allowing local attackers to interfere with sensitive data notifications. This flaw impacts versions of Samsung Health prior to 6.25, potentially exposing users' health information to unauthorized access. It is crucial for users to update their applications to mitigate such risks.

Affected Version(s)

Samsung Health 6.25

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 7, 2023
Vulnerability Reserved
Sep 11, 2023