ID
VAR-201704-0252
CVE
CVE-2016-2565
TITLE
Samsung SM-G920F Information Disclosure Vulnerability
Trust: 1.2
DESCRIPTION
Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to read sent e-mail messages, aka SVE-2015-5081. Vendors have confirmed this vulnerability SVE-2015-5081 It is released as.An attacker could read a sent email message. The Samsung SM-G920F (Galaxy S6) is a Samsung smartphone from South Korea. SecEmailSync is one of the mail sync plugins. An information disclosure vulnerability exists in SecEmailSync in the SamsungSM-G920FbuildG920FXXU2COH2 release. Samsung SecEmailSync is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks
Trust: 2.52
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | samsung | model: | galaxy s6 | scope: | eq | version: | g920fxxu2coh2 | Trust: 2.4 |
| vendor: | samsung | model: | galaxy s6 g920fxxu2coh2 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | samsung | model: | secemailsync sm-g920f build g920f | scope: | - | version: | - | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-200 | Trust: 1.9 |
THREAT TYPE
local
Trust: 0.6
TYPE
information disclosure
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | SVE-2015-5081: Exposed provider and SQLi in SecEmailSync | url: | http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2016 | Trust: 0.8 |
| title: | SamsungSM-G920F Information Disclosure Vulnerability Patch | url: | https://www.cnvd.org.cn/patchInfo/show/94085 | Trust: 0.6 |
| title: | Samsung SM-G920F Repair measures for information disclosure vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70230 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2016-2565 | Trust: 3.4 |
| db: | BID | id: | 97658 | Trust: 2.0 |
| db: | JVNDB | id: | JVNDB-2016-008430 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201704-753 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2017-07204 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-91384 | Trust: 0.1 |
REFERENCES
| url: | https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0002 | Trust: 3.4 |
| url: | http://www.securityfocus.com/bid/97658 | Trust: 1.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2565 | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2016-2565 | Trust: 0.8 |
| url: | http://www.samsung.com/ | Trust: 0.3 |
CREDITS
Roberto Paleari (@rpaleari) and Aristide Fattori (@joystick).
Trust: 0.3
SOURCES
| db: | CNVD | id: | CNVD-2017-07204 |
| db: | VULHUB | id: | VHN-91384 |
| db: | BID | id: | 97658 |
| db: | JVNDB | id: | JVNDB-2016-008430 |
| db: | CNNVD | id: | CNNVD-201704-753 |
| db: | NVD | id: | CVE-2016-2565 |
LAST UPDATE DATE
2024-11-23T22:13:20.577000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2017-07204 | date: | 2017-05-23T00:00:00 |
| db: | VULHUB | id: | VHN-91384 | date: | 2017-04-22T00:00:00 |
| db: | BID | id: | 97658 | date: | 2017-04-18T01:05:00 |
| db: | JVNDB | id: | JVNDB-2016-008430 | date: | 2017-05-18T00:00:00 |
| db: | CNNVD | id: | CNNVD-201704-753 | date: | 2017-05-17T00:00:00 |
| db: | NVD | id: | CVE-2016-2565 | date: | 2024-11-21T02:48:42.727 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2017-07204 | date: | 2017-05-23T00:00:00 |
| db: | VULHUB | id: | VHN-91384 | date: | 2017-04-13T00:00:00 |
| db: | BID | id: | 97658 | date: | 2017-04-13T00:00:00 |
| db: | JVNDB | id: | JVNDB-2016-008430 | date: | 2017-05-18T00:00:00 |
| db: | CNNVD | id: | CNNVD-201704-753 | date: | 2017-04-13T00:00:00 |
| db: | NVD | id: | CVE-2016-2565 | date: | 2017-04-13T16:59:01.050 |