Sign-up

ID

VAR-202209-0518


CVE

CVE-2022-36875


TITLE

Samsung's  Android  for  Galaxy Watch  Vulnerabilities in plugins

Trust: 0.8

sources: JVNDB: JVNDB-2022-016625

DESCRIPTION

Improper restriction of broadcasting Intent in SaWebViewRelayActivity of?Waterplugin prior to version 2.2.11.22081151 allows attacker to access the file without permission. Samsung's Android for Galaxy Watch There are unspecified vulnerabilities in the plugin.Information may be obtained

Trust: 1.71

sources: NVD: CVE-2022-36875 // JVNDB: JVNDB-2022-016625 // VULMON: CVE-2022-36875

AFFECTED PRODUCTS

vendor:samsungmodel:galaxy watch pluginscope:ltversion:2.2.11.22081151

Trust: 1.0

vendor:サムスンmodel:galaxy watch プラグインscope:eqversion: -

Trust: 0.8

vendor:サムスンmodel:galaxy watch プラグインscope:eqversion:galaxy watch plugin 2.2.11.22081151

Trust: 0.8

vendor:サムスンmodel:galaxy watch プラグインscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-016625 // NVD: CVE-2022-36875

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-36875
value: MEDIUM

Trust: 1.8

mobile.security@samsung.com: CVE-2022-36875
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202209-630
value: MEDIUM

Trust: 0.6

NVD:
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

mobile.security@samsung.com:
baseSeverity: MEDIUM
baseScore: 6.6
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.8
impactScore: 4.7
version: 3.1

Trust: 1.0

NVD: CVE-2022-36875
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-016625 // NVD: CVE-2022-36875 // NVD: CVE-2022-36875 // CNNVD: CNNVD-202209-630

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-016625 // NVD: CVE-2022-36875

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202209-630

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202209-630

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2022-36875

PATCH
title:SAMSUNG Mobile devices Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqbyid.tag?id=207549
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202209-630

EXTERNAL IDS
db:NVDid:CVE-2022-36875
Trust: 3.3
db:JVNDBid:JVNDB-2022-016625
Trust: 0.8
db:CNNVDid:CNNVD-202209-630
Trust: 0.6
db:VULMONid:CVE-2022-36875
Trust: 0.1
sources:
            
            
            VULMON: CVE-2022-36875 // 
            
            
            
            JVNDB: JVNDB-2022-016625 // 
            
            
            
            NVD: CVE-2022-36875 // 
            
            
            
            CNNVD: CNNVD-202209-630

REFERENCES
url:https://security.samsungmobile.com/serviceweb.smsb?year=2022&month=09
Trust: 2.4
url:https://nvd.nist.gov/vuln/detail/cve-2022-36875
Trust: 0.8
url:https://security.samsungmobile.com/serviceweb.smsb?year==2022&month=09
Trust: 0.7
url:https://cxsecurity.com/cveshow/cve-2022-36875/
Trust: 0.6
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2022-36875 // 
            
            
            
            JVNDB: JVNDB-2022-016625 // 
            
            
            
            NVD: CVE-2022-36875 // 
            
            
            
            CNNVD: CNNVD-202209-630

SOURCES
db:VULMONid:CVE-2022-36875
db:JVNDBid:JVNDB-2022-016625
db:NVDid:CVE-2022-36875
db:CNNVDid:CNNVD-202209-630

LAST UPDATE DATE
2023-12-18T12:15:21.194000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2022-36875date:2022-09-09T00:00:00
db:JVNDBid:JVNDB-2022-016625date:2023-10-05T08:33:00
db:NVDid:CVE-2022-36875date:2023-07-21T19:52:58.647
db:CNNVDid:CNNVD-202209-630date:2023-07-24T00:00:00

SOURCES RELEASE DATE
db:VULMONid:CVE-2022-36875date:2022-09-09T00:00:00
db:JVNDBid:JVNDB-2022-016625date:2023-10-05T00:00:00
db:NVDid:CVE-2022-36875date:2022-09-09T15:15:13.073
db:CNNVDid:CNNVD-202209-630date:2022-09-09T00:00:00