Details of VAR-202205-0226

ID

VAR-202205-0226

CVE

CVE-2022-28783

TITLE

Google of Android Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-008886

DESCRIPTION

Improper validation of removing package name in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to uninstall arbitrary packages without permission. The patch adds proper validation logic for removing package name. Google of Android There is an input validation vulnerability in.Information is tampered with and service operation is interrupted (DoS) It may be in a state. Samsung Galaxy Theme is a theme feature for Samsung mobile devices. Samsung Galaxy Theme has an input validation error vulnerability

Trust: 2.25

sources: NVD: CVE-2022-28783 // JVNDB: JVNDB-2022-008886 // CNVD: CNVD-2023-73902 // VULMON: CVE-2022-28783

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2023-73902

AFFECTED PRODUCTS

vendor:	google	model:	android	scope:	eq	version:	11.0	Trust: 1.8
vendor:	google	model:	android	scope:	eq	version:	12.0	Trust: 1.8
vendor:	google	model:	android	scope:	eq	version:	10.0	Trust: 1.8
vendor:	google	model:	android	scope:	eq	version:	-	Trust: 0.8
vendor:	google	model:	android	scope:	-	version:	-	Trust: 0.8
vendor:	samsung	model:	mobile devices q	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	mobile devices r	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	mobile devices s	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2023-73902 // JVNDB: JVNDB-2022-008886 // NVD: CVE-2022-28783

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-28783
value:	HIGH
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-28783
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-28783
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2023-73902
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202205-2006
value:	HIGH
Trust: 0.6
VULMON:	CVE-2022-28783
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2022-28783
severity:	LOW
baseScore:	3.6
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2023-73902
severity:	LOW
baseScore:	3.6
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-28783
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.2
version:	3.1
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-28783
baseSeverity:	MEDIUM
baseScore:	6.2
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.5
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2022-28783
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2023-73902 // VULMON: CVE-2022-28783 // JVNDB: JVNDB-2022-008886 // CNNVD: CNNVD-202205-2006 // NVD: CVE-2022-28783 // NVD: CVE-2022-28783

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.0
problemtype:	Inappropriate input confirmation (CWE-20) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-008886 // NVD: CVE-2022-28783

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202205-2006

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202205-2006

PATCH

title:	Patch for Samsung Galaxy Theme Input Validation Error Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/356016	Trust: 0.6
title:	Samsung SMR Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=192411	Trust: 0.6

sources: CNVD: CNVD-2023-73902 // CNNVD: CNNVD-202205-2006

EXTERNAL IDS

db:	NVD	id:	CVE-2022-28783	Trust: 3.9
db:	JVNDB	id:	JVNDB-2022-008886	Trust: 0.8
db:	CNVD	id:	CNVD-2023-73902	Trust: 0.6
db:	CNNVD	id:	CNNVD-202205-2006	Trust: 0.6
db:	VULMON	id:	CVE-2022-28783	Trust: 0.1

sources: CNVD: CNVD-2023-73902 // VULMON: CVE-2022-28783 // JVNDB: JVNDB-2022-008886 // CNNVD: CNNVD-202205-2006 // NVD: CVE-2022-28783

REFERENCES

url:	https://security.samsungmobile.com/securityupdate.smsb?year=2022&month=5	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-28783	Trust: 1.4
url:	https://cxsecurity.com/cveshow/cve-2022-28783/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2023-73902 // VULMON: CVE-2022-28783 // JVNDB: JVNDB-2022-008886 // CNNVD: CNNVD-202205-2006 // NVD: CVE-2022-28783

SOURCES

db:	CNVD	id:	CNVD-2023-73902
db:	VULMON	id:	CVE-2022-28783
db:	JVNDB	id:	JVNDB-2022-008886
db:	CNNVD	id:	CNNVD-202205-2006
db:	NVD	id:	CVE-2022-28783

LAST UPDATE DATE

2024-08-14T15:37:38.310000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2023-73902	date:	2023-09-29T00:00:00
db:	VULMON	id:	CVE-2022-28783	date:	2022-05-11T00:00:00
db:	JVNDB	id:	JVNDB-2022-008886	date:	2023-08-01T08:31:00
db:	CNNVD	id:	CNNVD-202205-2006	date:	2022-05-12T00:00:00
db:	NVD	id:	CVE-2022-28783	date:	2022-05-11T17:37:16.313

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2023-73902	date:	2022-10-13T00:00:00
db:	VULMON	id:	CVE-2022-28783	date:	2022-05-03T00:00:00
db:	JVNDB	id:	JVNDB-2022-008886	date:	2023-08-01T00:00:00
db:	CNNVD	id:	CNNVD-202205-2006	date:	2022-05-03T00:00:00
db:	NVD	id:	CVE-2022-28783	date:	2022-05-03T20:15:09.237