ID

VAR-202204-1648


CVE

CVE-2022-28542


TITLE

Vulnerability related to unauthorized authentication in Samsung's Galaxy Store

Trust: 0.8

sources: JVNDB: JVNDB-2022-008357

DESCRIPTION

Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.40.5 allows local attackers to access privileged content providers with Galaxy Store's permission. A fraudulent authentication vulnerability exists in Samsung's Galaxy Store. Information may be obtained.

Trust: 1.71

sources: NVD: CVE-2022-28542 // JVNDB: JVNDB-2022-008357 // VULMON: CVE-2022-28542

AFFECTED PRODUCTS

vendor: samsung, model: galaxy store, scope: lt, version: 4.5.40.5

Trust: 1.0

vendor: Samsung, model: galaxy store, scope: eq, version: 4.5.40.5

Trust: 0.8

vendor: Samsung, model: galaxy store, scope: eq, version: -

Trust: 0.8

vendor: Samsung, model: galaxy store, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-008357 // NVD: CVE-2022-28542

CVSS

SEVERITY

nvd@nist.gov: CVE-2022-28542
value: MEDIUM

Trust: 1.0

mobile.security@samsung.com: CVE-2022-28542
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-28542
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202204-2905
value: MEDIUM

Trust: 0.6

VULMON: CVE-2022-28542
value: LOW

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2022-28542
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CVSSV3

nvd@nist.gov: CVE-2022-28542
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

mobile.security@samsung.com: CVE-2022-28542
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.5
impactScore: 4.2
version: 3.1

Trust: 1.0

NVD: CVE-2022-28542
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2022-28542 // JVNDB: JVNDB-2022-008357 // CNNVD: CNNVD-202204-2905 // NVD: CVE-2022-28542 // NVD: CVE-2022-28542

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.0

problemtype:CWE-863

Trust: 1.0

problemtype: Illegal authentication (CWE-863) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-008357 // NVD: CVE-2022-28542

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202204-2905

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202204-2905

PATCH

title: Samsung Galaxy Store Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=190347

Trust: 0.6

sources: CNNVD: CNNVD-202204-2905

EXTERNAL IDS

db: NVD, id: CVE-2022-28542

Trust: 3.3

db: JVNDB, id: JVNDB-2022-008357

Trust: 0.8

db: CNNVD, id: CNNVD-202204-2905

Trust: 0.6

db: VULMON, id: CVE-2022-28542

Trust: 0.1

sources: VULMON: CVE-2022-28542 // JVNDB: JVNDB-2022-008357 // CNNVD: CNNVD-202204-2905 // NVD: CVE-2022-28542

REFERENCES

url:https://security.samsungmobile.com/serviceweb.smsb?year=2022&month=4

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-28542

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-28542/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/863.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2022-28542 // JVNDB: JVNDB-2022-008357 // CNNVD: CNNVD-202204-2905 // NVD: CVE-2022-28542

SOURCES

db: VULMON, id: CVE-2022-28542
db: JVNDB, id: JVNDB-2022-008357
db: CNNVD, id: CNNVD-202204-2905
db: NVD, id: CVE-2022-28542

LAST UPDATE DATE

2024-11-23T22:43:57.519000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2022-28542, date: 2022-04-21T00:00:00
db: JVNDB, id: JVNDB-2022-008357, date: 2023-07-26T08:24:00
db: CNNVD, id: CNNVD-202204-2905, date: 2022-04-22T00:00:00
db: NVD, id: CVE-2022-28542, date: 2024-11-21T06:57:29.857

SOURCES RELEASE DATE

db: VULMON, id: CVE-2022-28542, date: 2022-04-11T00:00:00
db: JVNDB, id: JVNDB-2022-008357, date: 2023-07-26T00:00:00
db: CNNVD, id: CNNVD-202204-2905, date: 2022-04-11T00:00:00
db: NVD, id: CVE-2022-28542, date: 2022-04-11T20:15:23.533