Vulnerability-Lookup

CVE-2022-39877 (GCVE-0-2022-39877)

Vulnerability from cvelistv5 – Published: 2022-10-07 00:00 – Updated: 2025-05-20 14:49

Summary

Severity

4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-284 - Improper Access Control

Assigner

Samsung Mobile

References

1 reference

URL	Tags
https://security.samsungmobile.com/serviceWeb.sms…

Impacted products

1 product

Vendor	Product	Version
Samsung Mobile	Group Sharing	Affected: unspecified , < 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:07:43.010Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=10"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-39877",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-20T14:37:59.237475Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-20T14:49:21.671Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Group Sharing ",
          "vendor": "Samsung Mobile",
          "versions": [
            {
              "lessThan": "13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper access control vulnerability in ProfileSharingAccount in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284 Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-07T00:00:00.000Z",
        "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "shortName": "Samsung Mobile"
      },
      "references": [
        {
          "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=10"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
    "assignerShortName": "Samsung Mobile",
    "cveId": "CVE-2022-39877",
    "datePublished": "2022-10-07T00:00:00.000Z",
    "dateReserved": "2022-09-05T00:00:00.000Z",
    "dateUpdated": "2025-05-20T14:49:21.671Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2022-39877",
      "date": "2026-06-08",
      "epss": "0.00184",
      "percentile": "0.39955"
    },
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samsung:group_sharing:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"13.0.6.15\", \"matchCriteriaId\": \"8AD0EC61-49F2-4B77-B389-288099B14247\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F8FB8EE9-FC56-4D5E-AE55-A5967634740C\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samsung:group_sharing:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"13.0.6.14\", \"matchCriteriaId\": \"49E25DE6-646E-46BB-A750-097A887C602F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"109DD7FD-3A48-4C3D-8E1A-4433B98E1E64\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Improper access control vulnerability in ProfileSharingAccount in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de control de acceso inapropiado en ProfileSharingAccount en Group Sharing versiones anteriores a 13.0.6.15 en Android S(12), 13.0.6.14 en Android R(11) y posteriores permite a atacantes identificar el dispositivo\"}]",
      "id": "CVE-2022-39877",
      "lastModified": "2024-11-21T07:18:26.687",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"mobile.security@samsung.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 4.0, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.5, \"impactScore\": 1.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}]}",
      "published": "2022-10-07T15:15:23.810",
      "references": "[{\"url\": \"https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=10\", \"source\": \"mobile.security@samsung.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=10\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "mobile.security@samsung.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"mobile.security@samsung.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-284\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-39877\",\"sourceIdentifier\":\"mobile.security@samsung.com\",\"published\":\"2022-10-07T15:15:23.810\",\"lastModified\":\"2024-11-21T07:18:26.687\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper access control vulnerability in ProfileSharingAccount in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de control de acceso inapropiado en ProfileSharingAccount en Group Sharing versiones anteriores a 13.0.6.15 en Android S(12), 13.0.6.14 en Android R(11) y posteriores permite a atacantes identificar el dispositivo\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"mobile.security@samsung.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":4.0,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.5,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"mobile.security@samsung.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samsung:group_sharing:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.0.6.15\",\"matchCriteriaId\":\"8AD0EC61-49F2-4B77-B389-288099B14247\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8FB8EE9-FC56-4D5E-AE55-A5967634740C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samsung:group_sharing:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.0.6.14\",\"matchCriteriaId\":\"49E25DE6-646E-46BB-A750-097A887C602F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"109DD7FD-3A48-4C3D-8E1A-4433B98E1E64\"}]}]}],\"references\":[{\"url\":\"https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=10\",\"source\":\"mobile.security@samsung.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=10\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T12:07:43.010Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-39877\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-20T14:37:59.237475Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-20T14:46:22.564Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"Samsung Mobile\", \"product\": \"Group Sharing \", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=10\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper access control vulnerability in ProfileSharingAccount in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-284\", \"description\": \"CWE-284 Improper Access Control\"}]}], \"providerMetadata\": {\"orgId\": \"3af57064-a867-422c-b2ad-40307b65c458\", \"shortName\": \"Samsung Mobile\", \"dateUpdated\": \"2022-10-07T00:00:00.000Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-39877\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-20T14:49:21.671Z\", \"dateReserved\": \"2022-09-05T00:00:00.000Z\", \"assignerOrgId\": \"3af57064-a867-422c-b2ad-40307b65c458\", \"datePublished\": \"2022-10-07T00:00:00.000Z\", \"assignerShortName\": \"Samsung Mobile\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CNVD-2022-87954

Vulnerability from cnvd - Published: 2022-12-15

Title

SAMSUNG Mobile devices ProfileSharingAccount访问控制错误漏洞

Description

SAMSUNG Mobile devices是韩国三星（SAMSUNG）公司的一系列的三星移动设备，包括手机、平板等。 SAMSUNG Mobile devices Android S(12) 13.0.6.15之前版本、Android R(11) 13.0.6.14存在访问控制错误漏洞，该漏洞源于群组共享中ProfileSharingAccount存在访问控制不当。攻击者可利用该漏洞识别设备。

Severity

中

Patch Name

SAMSUNG Mobile devices ProfileSharingAccount访问控制错误漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=10

Reference

https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=10

Impacted products

Name
['Samsung Samsung mobile devices android S(12) 13.0.6.15', 'Samsung Samsung mobile devices Android R(11) 13.0.6.14']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-39877",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-39877"
    }
  },
  "description": "SAMSUNG Mobile devices\u662f\u97e9\u56fd\u4e09\u661f\uff08SAMSUNG\uff09\u516c\u53f8\u7684\u4e00\u7cfb\u5217\u7684\u4e09\u661f\u79fb\u52a8\u8bbe\u5907\uff0c\u5305\u62ec\u624b\u673a\u3001\u5e73\u677f\u7b49\u3002\n\nSAMSUNG Mobile devices Android S(12) 13.0.6.15\u4e4b\u524d\u7248\u672c\u3001Android R(11) 13.0.6.14\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7fa4\u7ec4\u5171\u4eab\u4e2dProfileSharingAccount\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u4e0d\u5f53\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bc6\u522b\u8bbe\u5907\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=10",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-87954",
  "openTime": "2022-12-15",
  "patchDescription": "SAMSUNG Mobile devices\u662f\u97e9\u56fd\u4e09\u661f\uff08SAMSUNG\uff09\u516c\u53f8\u7684\u4e00\u7cfb\u5217\u7684\u4e09\u661f\u79fb\u52a8\u8bbe\u5907\uff0c\u5305\u62ec\u624b\u673a\u3001\u5e73\u677f\u7b49\u3002\r\n\r\nSAMSUNG Mobile devices Android S(12) 13.0.6.15\u4e4b\u524d\u7248\u672c\u3001Android R(11) 13.0.6.14\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7fa4\u7ec4\u5171\u4eab\u4e2dProfileSharingAccount\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u4e0d\u5f53\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bc6\u522b\u8bbe\u5907\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "SAMSUNG Mobile devices ProfileSharingAccount\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Samsung Samsung mobile devices android S(12) 13.0.6.15",
      "Samsung Samsung mobile devices Android R(11) 13.0.6.14"
    ]
  },
  "referenceLink": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=10",
  "serverity": "\u4e2d",
  "submitTime": "2022-10-10",
  "title": "SAMSUNG Mobile devices ProfileSharingAccount\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e"
}

FKIE_CVE-2022-39877

Vulnerability from fkie_nvd - Published: 2022-10-07 15:15 - Updated: 2024-11-21 07:18

Severity

4.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

References

	URL	Tags
	mobile.security@samsung.com	https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=10	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=10	Vendor Advisory

Impacted products

Vendor	Product	Version
samsung	group_sharing	*
google	android	12.0
samsung	group_sharing	*
google	android	11.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:samsung:group_sharing:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AD0EC61-49F2-4B77-B389-288099B14247",
              "versionEndExcluding": "13.0.6.15",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:samsung:group_sharing:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "49E25DE6-646E-46BB-A750-097A887C602F",
              "versionEndExcluding": "13.0.6.14",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper access control vulnerability in ProfileSharingAccount in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de control de acceso inapropiado en ProfileSharingAccount en Group Sharing versiones anteriores a 13.0.6.15 en Android S(12), 13.0.6.14 en Android R(11) y posteriores permite a atacantes identificar el dispositivo"
    }
  ],
  "id": "CVE-2022-39877",
  "lastModified": "2024-11-21T07:18:26.687",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 1.4,
        "source": "mobile.security@samsung.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-10-07T15:15:23.810",
  "references": [
    {
      "source": "mobile.security@samsung.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=10"
    }
  ],
  "sourceIdentifier": "mobile.security@samsung.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "mobile.security@samsung.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-3MJ6-P6Q9-4J76

Vulnerability from github – Published: 2022-10-07 18:15 – Updated: 2022-10-10 00:00

Details

Severity

5.3 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-39877"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-07T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Improper access control vulnerability in ProfileSharingAccount in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device.",
  "id": "GHSA-3mj6-p6q9-4j76",
  "modified": "2022-10-10T00:00:32Z",
  "published": "2022-10-07T18:15:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39877"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=10"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2022-39877

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-39877

Aliases

CVE-2022-39877

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-39877",
    "description": "Improper access control vulnerability in ProfileSharingAccount in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device.",
    "id": "GSD-2022-39877"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-39877"
      ],
      "details": "Improper access control vulnerability in ProfileSharingAccount in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device.",
      "id": "GSD-2022-39877",
      "modified": "2023-12-13T01:19:20.411290Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "mobile.security@samsung.com",
        "ID": "CVE-2022-39877",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Group Sharing ",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "",
                          "version_value": "13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Samsung Mobile"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Improper access control vulnerability in ProfileSharingAccount in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-284 Improper Access Control"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=10",
            "refsource": "MISC",
            "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=10"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:samsung:group_sharing:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "13.0.6.15",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:samsung:group_sharing:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "13.0.6.14",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "mobile.security@samsung.com",
          "ID": "CVE-2022-39877"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Improper access control vulnerability in ProfileSharingAccount in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=10",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=10"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2023-06-27T16:25Z",
      "publishedDate": "2022-10-07T15:15Z"
    }
  }
}

VAR-202210-0316

Vulnerability from variot - Updated: 2023-12-18 13:06

Improper access control vulnerability in ProfileSharingAccount in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device. Samsung's Group Sharing Exists in unspecified vulnerabilities.Information may be obtained. SAMSUNG Mobile devices is a series of Samsung mobile devices of South Korea's Samsung (SAMSUNG), including mobile phones, tablets, etc. An attacker could exploit this vulnerability to identify the device

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202210-0316",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "group sharing",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "samsung",
        "version": "13.0.6.14"
      },
      {
        "model": "group sharing",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "samsung",
        "version": "13.0.6.15"
      },
      {
        "model": "group sharing",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30b5\u30e0\u30b9\u30f3",
        "version": "13.0.6.14"
      },
      {
        "model": "group sharing",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30b5\u30e0\u30b9\u30f3",
        "version": "13.0.6.15"
      },
      {
        "model": "group sharing",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30b5\u30e0\u30b9\u30f3",
        "version": null
      },
      {
        "model": "group sharing",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b5\u30e0\u30b9\u30f3",
        "version": null
      },
      {
        "model": "mobile devices android s",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "samsung",
        "version": "13.0.6.15"
      },
      {
        "model": "mobile devices android r",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "samsung",
        "version": "13.0.6.14"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-87954"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018338"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-39877"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:samsung:group_sharing:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "13.0.6.15",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:samsung:group_sharing:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "13.0.6.14",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-39877"
      }
    ]
  },
  "cve": "CVE-2022-39877",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2022-87954",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 3.9,
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "mobile.security@samsung.com",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.5,
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2022-39877",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2022-39877",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "mobile.security@samsung.com",
            "id": "CVE-2022-39877",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2022-87954",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202210-268",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-87954"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018338"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-39877"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-39877"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-268"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Improper access control vulnerability in ProfileSharingAccount in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device. Samsung\u0027s Group Sharing Exists in unspecified vulnerabilities.Information may be obtained. SAMSUNG Mobile devices is a series of Samsung mobile devices of South Korea\u0027s Samsung (SAMSUNG), including mobile phones, tablets, etc. An attacker could exploit this vulnerability to identify the device",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-39877"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018338"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-87954"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-39877",
        "trust": 3.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018338",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-87954",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-268",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-87954"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018338"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-39877"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-268"
      }
    ]
  },
  "id": "VAR-202210-0316",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-87954"
      }
    ],
    "trust": 1.6
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-87954"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:06:29.231000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patch for SAMSUNG Mobile devices ProfileSharingAccount access control error vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/371211"
      },
      {
        "title": "SAMSUNG Mobile devices Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=209909"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-87954"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-268"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "others (CWE-Other) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018338"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-39877"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.0,
        "url": "https://security.samsungmobile.com/serviceweb.smsb?year=2022\u0026month=10"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-39877"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-39877/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-87954"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018338"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-39877"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-268"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-87954"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018338"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-39877"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-268"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-12-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2022-87954"
      },
      {
        "date": "2023-10-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-018338"
      },
      {
        "date": "2022-10-07T15:15:23.810000",
        "db": "NVD",
        "id": "CVE-2022-39877"
      },
      {
        "date": "2022-10-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202210-268"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-12-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2022-87954"
      },
      {
        "date": "2023-10-19T08:30:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-018338"
      },
      {
        "date": "2023-06-27T16:25:35.270000",
        "db": "NVD",
        "id": "CVE-2022-39877"
      },
      {
        "date": "2023-06-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202210-268"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-268"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Samsung\u0027s \u00a0Group\u00a0Sharing\u00a0 Vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018338"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-268"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-39877 (GCVE-0-2022-39877)

CNVD-2022-87954

FKIE_CVE-2022-39877

GHSA-3MJ6-P6Q9-4J76

GSD-2022-39877

VAR-202210-0316

Tags

Sightings

Nomenclature