Sign-up

ID

VAR-202204-1054


CVE

CVE-2022-28775


TITLE

Samsung's  Samsung Flow  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-008353

DESCRIPTION

Improper access control vulnerability in Samsung Flow prior to version 4.8.06.5 allows attacker to write the file without Samsung Flow permission. Samsung's Samsung Flow Exists in unspecified vulnerabilities.Information may be tampered with

Trust: 1.71

sources: NVD: CVE-2022-28775 // JVNDB: JVNDB-2022-008353 // VULMON: CVE-2022-28775

AFFECTED PRODUCTS

vendor:samsungmodel:flowscope:ltversion:4.8.06.5

Trust: 1.0

vendor:サムスンmodel:samsung flowscope:eqversion:4.8.06.5

Trust: 0.8

vendor:サムスンmodel:samsung flowscope:eqversion: -

Trust: 0.8

vendor:サムスンmodel:samsung flowscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-008353 // NVD: CVE-2022-28775

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-28775
value: LOW

Trust: 1.8

mobile.security@samsung.com: CVE-2022-28775
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202204-2909
value: LOW

Trust: 0.6

VULMON: CVE-2022-28775
value: LOW

Trust: 0.1

NVD:
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2022-28775
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.9

NVD:
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.1

Trust: 1.0

mobile.security@samsung.com:
baseSeverity: MEDIUM
baseScore: 5.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 2.5
impactScore: 2.5
version: 3.1

Trust: 1.0

NVD: CVE-2022-28775
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2022-28775 // JVNDB: JVNDB-2022-008353 // NVD: CVE-2022-28775 // NVD: CVE-2022-28775 // CNNVD: CNNVD-202204-2909

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-008353 // NVD: CVE-2022-28775

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202204-2909

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202204-2909

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2022-28775

PATCH
title:Samsung Flow Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqbyid.tag?id=190350
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202204-2909

EXTERNAL IDS
db:NVDid:CVE-2022-28775
Trust: 3.3
db:JVNDBid:JVNDB-2022-008353
Trust: 0.8
db:CNNVDid:CNNVD-202204-2909
Trust: 0.6
db:VULMONid:CVE-2022-28775
Trust: 0.1
sources:
            
            
            VULMON: CVE-2022-28775 // 
            
            
            
            JVNDB: JVNDB-2022-008353 // 
            
            
            
            NVD: CVE-2022-28775 // 
            
            
            
            CNNVD: CNNVD-202204-2909

REFERENCES
url:https://security.samsungmobile.com/serviceweb.smsb?year=2022&month=4
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2022-28775
Trust: 0.8
url:https://cxsecurity.com/cveshow/cve-2022-28775/
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/863.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2022-28775 // 
            
            
            
            JVNDB: JVNDB-2022-008353 // 
            
            
            
            NVD: CVE-2022-28775 // 
            
            
            
            CNNVD: CNNVD-202204-2909

SOURCES
db:VULMONid:CVE-2022-28775
db:JVNDBid:JVNDB-2022-008353
db:NVDid:CVE-2022-28775
db:CNNVDid:CNNVD-202204-2909

LAST UPDATE DATE
2023-12-18T14:04:00.827000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2022-28775date:2022-04-21T00:00:00
db:JVNDBid:JVNDB-2022-008353date:2023-07-26T08:24:00
db:NVDid:CVE-2022-28775date:2023-06-28T20:28:03.323
db:CNNVDid:CNNVD-202204-2909date:2023-06-29T00:00:00

SOURCES RELEASE DATE
db:VULMONid:CVE-2022-28775date:2022-04-11T00:00:00
db:JVNDBid:JVNDB-2022-008353date:2023-07-26T00:00:00
db:NVDid:CVE-2022-28775date:2022-04-11T20:15:23.740
db:CNNVDid:CNNVD-202204-2909date:2022-04-11T00:00:00