- Description
- Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause local file inclusion in webview.
- Source
- mobile.security@samsung.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 4.6
- Impact score
- 6.4
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:P/I:P/A:P
- nvd@nist.gov
- NVD-CWE-Other
- mobile.security@samsung.com
- CWE-284
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:samsung:members:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8F50FCB8-55DA-484F-B0F1-1C8B7311A061",
"versionEndExcluding": "2.4.85.11"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "10C63987-7011-4789-B5DC-738EEB806B1D",
"versionEndIncluding": "8.1"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:samsung:members:3.9.10.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F39CB259-5982-4ADF-8DD1-964B3F2B6B79"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "8E801923-59CB-4E31-AF1A-F19747190979",
"versionStartIncluding": "9.0"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]