Details of VAR-202210-0204

ID

VAR-202210-0204

CVE

CVE-2022-39865

TITLE

Samsung's Android for SmartThings Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-018628

DESCRIPTION

Improper access control vulnerability in ContentsSharingActivity.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast. Samsung's Android for SmartThings Exists in unspecified vulnerabilities.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2022-39865 // JVNDB: JVNDB-2022-018628

AFFECTED PRODUCTS

vendor:	samsung	model:	smartthings	scope:	lt	version:	1.7.89.0	Trust: 1.0
vendor:	サムスン	model:	smartthings	scope:	eq	version:	1.7.89.0	Trust: 0.8
vendor:	サムスン	model:	smartthings	scope:	eq	version:	-	Trust: 0.8
vendor:	サムスン	model:	smartthings	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-018628 // NVD: CVE-2022-39865

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-39865
value:	HIGH
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-39865
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-39865
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202210-282
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-39865
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-39865
baseSeverity:	MEDIUM
baseScore:	4.0
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.5
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2022-39865
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-018628 // CNNVD: CNNVD-202210-282 // NVD: CVE-2022-39865 // NVD: CVE-2022-39865

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-284	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-018628 // NVD: CVE-2022-39865

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202210-282

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202210-282

PATCH

title:

SAMSUNG Mobile devices Security vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=210312

Trust: 0.6

sources: CNNVD: CNNVD-202210-282

EXTERNAL IDS

db:	NVD	id:	CVE-2022-39865	Trust: 3.2
db:	JVNDB	id:	JVNDB-2022-018628	Trust: 0.8
db:	CNNVD	id:	CNNVD-202210-282	Trust: 0.6

sources: JVNDB: JVNDB-2022-018628 // CNNVD: CNNVD-202210-282 // NVD: CVE-2022-39865

REFERENCES

url:	https://security.samsungmobile.com/serviceweb.smsb?year=2022&month=10	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-39865	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-39865/	Trust: 0.6

sources: JVNDB: JVNDB-2022-018628 // CNNVD: CNNVD-202210-282 // NVD: CVE-2022-39865

SOURCES

db:	JVNDB	id:	JVNDB-2022-018628
db:	CNNVD	id:	CNNVD-202210-282
db:	NVD	id:	CVE-2022-39865

LAST UPDATE DATE

2024-08-14T13:53:01.294000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2022-018628	date:	2023-10-20T08:26:00
db:	CNNVD	id:	CNNVD-202210-282	date:	2023-06-28T00:00:00
db:	NVD	id:	CVE-2022-39865	date:	2023-06-27T16:14:25.387

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2022-018628	date:	2023-10-20T00:00:00
db:	CNNVD	id:	CNNVD-202210-282	date:	2022-10-07T00:00:00
db:	NVD	id:	CVE-2022-39865	date:	2022-10-07T15:15:21.883