Description
Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to get permissions to access arbitrary data with Samsung Contacts privilege.
Related CPE's
o
android
3
References
https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-2/
ExploitThird Party Advisory
CVSS impact metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 · Medium
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Analyzed
Published
2021-06-11T15:15:10.287
4 years agoLast modified
2021-10-18T11:53:14.047
3 years ago