ID

VAR-202205-0276


CVE

CVE-2022-28780


TITLE

Google  of  Android  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-008889

DESCRIPTION

Improper access control vulnerability in Weather prior to SMR May-2022 Release 1 allows that attackers can access location information that set in Weather without permission. The patch adds proper protection to prevent access to location information. Google of Android Exists in unspecified vulnerabilities.Information may be obtained. Samsung Weather is a weather feature for Samsung mobile devices

Trust: 2.25

sources: NVD: CVE-2022-28780 // JVNDB: JVNDB-2022-008889 // CNVD: CNVD-2023-73903 // VULMON: CVE-2022-28780

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2023-73903

AFFECTED PRODUCTS

vendor:googlemodel:androidscope:eqversion:11.0

Trust: 1.8

vendor:googlemodel:androidscope:eqversion:12.0

Trust: 1.8

vendor:googlemodel:androidscope:eqversion:10.0

Trust: 1.8

vendor:googlemodel:androidscope:eqversion: -

Trust: 0.8

vendor:googlemodel:androidscope: - version: -

Trust: 0.8

vendor:samsungmodel:mobile devices qscope: - version: -

Trust: 0.6

vendor:samsungmodel:mobile devices rscope: - version: -

Trust: 0.6

vendor:samsungmodel:mobile devices sscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2023-73903 // JVNDB: JVNDB-2022-008889 // NVD: CVE-2022-28780

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-28780
value: MEDIUM

Trust: 1.0

mobile.security@samsung.com: CVE-2022-28780
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-28780
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2023-73903
value: LOW

Trust: 0.6

CNNVD: CNNVD-202205-2011
value: MEDIUM

Trust: 0.6

VULMON: CVE-2022-28780
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2022-28780
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2023-73903
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-28780
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

mobile.security@samsung.com: CVE-2022-28780
baseSeverity: MEDIUM
baseScore: 5.0
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.3
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2022-28780
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2023-73903 // VULMON: CVE-2022-28780 // JVNDB: JVNDB-2022-008889 // CNNVD: CNNVD-202205-2011 // NVD: CVE-2022-28780 // NVD: CVE-2022-28780

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-284

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-008889 // NVD: CVE-2022-28780

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202205-2011

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202205-2011

PATCH

title:Patch for Samsung Weather Access Control Error Vulnerability (CNVD-2023-73903)url:https://www.cnvd.org.cn/patchInfo/show/356031

Trust: 0.6

title:Samsung SMR Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=191327

Trust: 0.6

sources: CNVD: CNVD-2023-73903 // CNNVD: CNNVD-202205-2011

EXTERNAL IDS

db:NVDid:CVE-2022-28780

Trust: 3.9

db:JVNDBid:JVNDB-2022-008889

Trust: 0.8

db:CNVDid:CNVD-2023-73903

Trust: 0.6

db:CNNVDid:CNNVD-202205-2011

Trust: 0.6

db:VULMONid:CVE-2022-28780

Trust: 0.1

sources: CNVD: CNVD-2023-73903 // VULMON: CVE-2022-28780 // JVNDB: JVNDB-2022-008889 // CNNVD: CNNVD-202205-2011 // NVD: CVE-2022-28780

REFERENCES

url:https://security.samsungmobile.com/securityupdate.smsb?year=2022&month=5

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-28780

Trust: 1.4

url:https://cxsecurity.com/cveshow/cve-2022-28780/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2023-73903 // VULMON: CVE-2022-28780 // JVNDB: JVNDB-2022-008889 // CNNVD: CNNVD-202205-2011 // NVD: CVE-2022-28780

SOURCES

db:CNVDid:CNVD-2023-73903
db:VULMONid:CVE-2022-28780
db:JVNDBid:JVNDB-2022-008889
db:CNNVDid:CNNVD-202205-2011
db:NVDid:CVE-2022-28780

LAST UPDATE DATE

2024-08-14T15:32:44.563000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2023-73903date:2023-09-29T00:00:00
db:VULMONid:CVE-2022-28780date:2022-05-11T00:00:00
db:JVNDBid:JVNDB-2022-008889date:2023-08-01T08:31:00
db:CNNVDid:CNNVD-202205-2011date:2022-05-12T00:00:00
db:NVDid:CVE-2022-28780date:2022-05-11T17:13:47.517

SOURCES RELEASE DATE

db:CNVDid:CNVD-2023-73903date:2022-10-13T00:00:00
db:VULMONid:CVE-2022-28780date:2022-05-03T00:00:00
db:JVNDBid:JVNDB-2022-008889date:2023-08-01T00:00:00
db:CNNVDid:CNNVD-202205-2011date:2022-05-03T00:00:00
db:NVDid:CVE-2022-28780date:2022-05-03T20:15:09.043