Sensitive Information at Risk: Implicit Intent Hijacking Vulnerability in Galaxy Store's AccountActivity
CVE-2024-20822

5.5MEDIUM

Key Information:

Vendor: Samsung
Status: Galaxy Store
Vendor: CVE Published:; 6 February 2024

Summary

Implicit intent hijacking vulnerability in AccountActivity of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.

Affected Version(s)

Galaxy Store 4.5.63.6

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 6, 2024
Vulnerability Reserved
Dec 5, 2023