CVE-2022-39915

Improper access control vulnerability in Calendar prior to versions 11.6.08.0 in Android Q(10), 12.2.11.3000 in Android R(11), 12.3.07.2000 in Android S(12), and 12.4.02.0 in Android T(13) allows attackers to access sensitive information via implicit intent.

CVSS v3 3.3 LOW

3.3^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=12	Vendor Advisory
https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=12	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:samsung:calendar:*:*:*:*:*:*:*:*

cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:a:samsung:calendar:*:*:*:*:*:*:*:*

cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:a:samsung:calendar:*:*:*:*:*:*:*:*

cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:a:samsung:calendar:*:*:*:*:*:*:*:*

cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*

History

21 Nov 2024, 07:18

Type	Values Removed	Values Added
References	~~() https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=12 - Vendor Advisory~~	() https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=12 - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~5.5~~	v2 : unknown v3 : 3.3

Information

Published : 2022-12-08 16:15

Updated : 2024-11-21 07:18

NVD link : CVE-2022-39915

Mitre link : CVE-2022-39915

CVE.ORG link : CVE-2022-39915

JSON object : View

Products Affected

google

android

samsung

calendar

CWE

CWE-284

Improper Access Control

NVD-CWE-Other

{"id": "CVE-2022-39915", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "mobile.security@samsung.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2022-12-08T16:15:13.173", "references": [{"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=12", "tags": ["Vendor Advisory"], "source": "mobile.security@samsung.com"}, {"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=12", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "mobile.security@samsung.com", "description": [{"lang": "en", "value": "CWE-284"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Improper access control vulnerability in Calendar prior to versions 11.6.08.0 in Android Q(10), 12.2.11.3000 in Android R(11), 12.3.07.2000 in Android S(12), and 12.4.02.0 in Android T(13) allows attackers to access sensitive information via implicit intent."}, {"lang": "es", "value": "Una vulnerabilidad de control de acceso inadecuado en Calendar anterior a las versiones 11.6.08.0 en Android Q(10), 12.2.11.3000 en Android R(11), 12.3.07.2000 en Android S(12) y 12.4.02.0 en Android T(13) permite los atacantes accedan a informaci\u00f3n confidencial mediante una intenci\u00f3n impl\u00edcita."}], "lastModified": "2024-11-21T07:18:31.320", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samsung:calendar:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EFDB5006-6EAD-4AD9-A52F-45FB6E66612C", "versionEndExcluding": "11.6.08.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samsung:calendar:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2B8B429-ABFA-4A2B-836D-F97F4D32B6B3", "versionEndExcluding": "12.2.11.3000"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samsung:calendar:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA62703C-C083-44D1-BE2D-EB82DBFBE586", "versionEndExcluding": "12.3.07.2000"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samsung:calendar:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FDDBA086-A411-44C3-8786-948E045B7111", "versionEndExcluding": "12.4.02.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "mobile.security@samsung.com"}