ID
VAR-201704-0253
CVE
CVE-2016-2566
TITLE
Samsung SM-G920F SecEmailSync SQL Injection Vulnerability
Trust: 1.2
DESCRIPTION
Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices has SQL injection, aka SVE-2015-5081. Vendors have confirmed this vulnerability SVE-2015-5081 It is released as.SQL An injection attack may be performed. SecEmailSync is one of the mail sync plugins. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands. Samsung SecEmailSync is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database
Trust: 2.52
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | samsung | model: | galaxy s6 | scope: | eq | version: | g920fxxu2coh2 | Trust: 2.4 |
| vendor: | samsung | model: | galaxy s6 g920fxxu2coh2 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | samsung | model: | secemailsync sm-g920f build g920f | scope: | - | version: | - | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-89 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
SQL injection
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | SVE-2015-5081: Exposed provider and SQLi in SecEmailSync | url: | http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2016 | Trust: 0.8 |
| title: | SamsungSM-G920FSecEmailSyncSQL injection vulnerability patch | url: | https://www.cnvd.org.cn/patchInfo/show/94086 | Trust: 0.6 |
| title: | Samsung SM-G920F SecEmailSync SQL Repair measures for injecting vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70229 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2016-2566 | Trust: 3.4 |
| db: | BID | id: | 97654 | Trust: 2.0 |
| db: | JVNDB | id: | JVNDB-2016-008431 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2017-07190 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-201704-752 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-91385 | Trust: 0.1 |
REFERENCES
| url: | https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0002 | Trust: 3.4 |
| url: | http://www.securityfocus.com/bid/97654 | Trust: 1.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2566 | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2016-2566 | Trust: 0.8 |
| url: | http://www.samsung.com/ | Trust: 0.3 |
CREDITS
Roberto Paleari (@rpaleari) and Aristide Fattori (@joystick).
Trust: 0.3
SOURCES
| db: | CNVD | id: | CNVD-2017-07190 |
| db: | VULHUB | id: | VHN-91385 |
| db: | BID | id: | 97654 |
| db: | JVNDB | id: | JVNDB-2016-008431 |
| db: | CNNVD | id: | CNNVD-201704-752 |
| db: | NVD | id: | CVE-2016-2566 |
LAST UPDATE DATE
2024-11-23T22:13:20.620000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2017-07190 | date: | 2017-05-22T00:00:00 |
| db: | VULHUB | id: | VHN-91385 | date: | 2017-04-21T00:00:00 |
| db: | BID | id: | 97654 | date: | 2017-04-18T01:05:00 |
| db: | JVNDB | id: | JVNDB-2016-008431 | date: | 2017-05-18T00:00:00 |
| db: | CNNVD | id: | CNNVD-201704-752 | date: | 2017-05-17T00:00:00 |
| db: | NVD | id: | CVE-2016-2566 | date: | 2024-11-21T02:48:42.867 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2017-07190 | date: | 2017-05-22T00:00:00 |
| db: | VULHUB | id: | VHN-91385 | date: | 2017-04-13T00:00:00 |
| db: | BID | id: | 97654 | date: | 2017-04-13T00:00:00 |
| db: | JVNDB | id: | JVNDB-2016-008431 | date: | 2017-05-18T00:00:00 |
| db: | CNNVD | id: | CNNVD-201704-752 | date: | 2017-04-13T00:00:00 |
| db: | NVD | id: | CVE-2016-2566 | date: | 2017-04-13T16:59:01.097 |