- Description
- Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause arbitrary webpage loading in webview.
- Source
- mobile.security@samsung.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 3.3
- Impact score
- 1.4
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- Severity
- LOW
CVSS 2.0
- Type
- Primary
- Base score
- 2.1
- Impact score
- 2.9
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:P/I:N/A:N
- nvd@nist.gov
- NVD-CWE-Other
- mobile.security@samsung.com
- CWE-284
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:samsung:members:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8F50FCB8-55DA-484F-B0F1-1C8B7311A061",
"versionEndExcluding": "2.4.85.11"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "10C63987-7011-4789-B5DC-738EEB806B1D",
"versionEndIncluding": "8.1"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:samsung:members:3.9.10.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F39CB259-5982-4ADF-8DD1-964B3F2B6B79"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "8E801923-59CB-4E31-AF1A-F19747190979",
"versionStartIncluding": "9.0"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]