Details of VAR-202212-1021

ID

VAR-202212-1021

CVE

CVE-2022-39915

TITLE

Samsung's calendar Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-023051

DESCRIPTION

Improper access control vulnerability in Calendar prior to versions 11.6.08.0 in Android Q(10), 12.2.11.3000 in Android R(11), 12.3.07.2000 in Android S(12), and 12.4.02.0 in Android T(13) allows attackers to access sensitive information via implicit intent. Samsung's calendar Exists in unspecified vulnerabilities.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2022-39915 // JVNDB: JVNDB-2022-023051

AFFECTED PRODUCTS

vendor:	samsung	model:	calendar	scope:	lt	version:	12.3.07.2000	Trust: 1.0
vendor:	samsung	model:	calendar	scope:	lt	version:	11.6.08.0	Trust: 1.0
vendor:	samsung	model:	calendar	scope:	lt	version:	12.4.02.0	Trust: 1.0
vendor:	samsung	model:	calendar	scope:	lt	version:	12.2.11.3000	Trust: 1.0
vendor:	サムスン	model:	calendar	scope:	eq	version:	12.2.11.3000	Trust: 0.8
vendor:	サムスン	model:	calendar	scope:	eq	version:	12.4.02.0	Trust: 0.8
vendor:	サムスン	model:	calendar	scope:	eq	version:	-	Trust: 0.8
vendor:	サムスン	model:	calendar	scope:	eq	version:	12.3.07.2000	Trust: 0.8
vendor:	サムスン	model:	calendar	scope:	-	version:	-	Trust: 0.8
vendor:	サムスン	model:	calendar	scope:	eq	version:	11.6.08.0	Trust: 0.8

sources: JVNDB: JVNDB-2022-023051 // NVD: CVE-2022-39915

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-39915
value:	MEDIUM
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-39915
value:	LOW
Trust: 1.0
NVD:	CVE-2022-39915
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202212-2710
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2022-39915
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-39915
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2022-39915
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-023051 // CNNVD: CNNVD-202212-2710 // NVD: CVE-2022-39915 // NVD: CVE-2022-39915

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-284	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-023051 // NVD: CVE-2022-39915

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202212-2710

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202212-2710

PATCH

title:

SAMSUNG Mobile devices Security vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=217147

Trust: 0.6

sources: CNNVD: CNNVD-202212-2710

EXTERNAL IDS

db:	NVD	id:	CVE-2022-39915	Trust: 3.2
db:	JVNDB	id:	JVNDB-2022-023051	Trust: 0.8
db:	CNNVD	id:	CNNVD-202212-2710	Trust: 0.6

sources: JVNDB: JVNDB-2022-023051 // CNNVD: CNNVD-202212-2710 // NVD: CVE-2022-39915

REFERENCES

url:	https://security.samsungmobile.com/serviceweb.smsb?year=2022&month=12	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-39915	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-39915/	Trust: 0.6

sources: JVNDB: JVNDB-2022-023051 // CNNVD: CNNVD-202212-2710 // NVD: CVE-2022-39915

SOURCES

db:	JVNDB	id:	JVNDB-2022-023051
db:	CNNVD	id:	CNNVD-202212-2710
db:	NVD	id:	CVE-2022-39915

LAST UPDATE DATE

2024-08-14T13:21:24.755000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2022-023051	date:	2023-11-27T02:07:00
db:	CNNVD	id:	CNNVD-202212-2710	date:	2022-12-13T00:00:00
db:	NVD	id:	CVE-2022-39915	date:	2022-12-12T16:07:33.953

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2022-023051	date:	2023-11-27T00:00:00
db:	CNNVD	id:	CNNVD-202212-2710	date:	2022-12-08T00:00:00
db:	NVD	id:	CVE-2022-39915	date:	2022-12-08T16:15:13.173