Details of VAR-202210-0077

ID

VAR-202210-0077

CVE

CVE-2022-39868

TITLE

Samsung's Android for SmartThings Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-018625

DESCRIPTION

Improper access control vulnerability in GedSamsungAccount.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast. Samsung's Android for SmartThings Exists in unspecified vulnerabilities.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2022-39868 // JVNDB: JVNDB-2022-018625

AFFECTED PRODUCTS

vendor:	samsung	model:	smartthings	scope:	lt	version:	1.7.89.0	Trust: 1.0
vendor:	サムスン	model:	smartthings	scope:	eq	version:	1.7.89.0	Trust: 0.8
vendor:	サムスン	model:	smartthings	scope:	eq	version:	-	Trust: 0.8
vendor:	サムスン	model:	smartthings	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-018625 // NVD: CVE-2022-39868

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-39868
value:	HIGH
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-39868
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-39868
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202210-278
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-39868
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-39868
baseSeverity:	MEDIUM
baseScore:	4.0
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.5
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2022-39868
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-018625 // CNNVD: CNNVD-202210-278 // NVD: CVE-2022-39868 // NVD: CVE-2022-39868

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-284	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-018625 // NVD: CVE-2022-39868

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202210-278

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202210-278

PATCH

title:

SAMSUNG Mobile devices Security vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=210308

Trust: 0.6

sources: CNNVD: CNNVD-202210-278

EXTERNAL IDS

db:	NVD	id:	CVE-2022-39868	Trust: 3.2
db:	JVNDB	id:	JVNDB-2022-018625	Trust: 0.8
db:	CNNVD	id:	CNNVD-202210-278	Trust: 0.6

sources: JVNDB: JVNDB-2022-018625 // CNNVD: CNNVD-202210-278 // NVD: CVE-2022-39868

REFERENCES

url:	https://security.samsungmobile.com/serviceweb.smsb?year=2022&month=10	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-39868	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-39868/	Trust: 0.6

sources: JVNDB: JVNDB-2022-018625 // CNNVD: CNNVD-202210-278 // NVD: CVE-2022-39868

SOURCES

db:	JVNDB	id:	JVNDB-2022-018625
db:	CNNVD	id:	CNNVD-202210-278
db:	NVD	id:	CVE-2022-39868

LAST UPDATE DATE

2024-08-14T14:49:33.320000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2022-018625	date:	2023-10-20T08:26:00
db:	CNNVD	id:	CNNVD-202210-278	date:	2023-06-28T00:00:00
db:	NVD	id:	CVE-2022-39868	date:	2023-06-27T16:16:05.830

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2022-018625	date:	2023-10-20T00:00:00
db:	CNNVD	id:	CNNVD-202210-278	date:	2022-10-07T00:00:00
db:	NVD	id:	CVE-2022-39868	date:	2022-10-07T15:15:22.240