Details of VAR-202407-0045

ID

VAR-202407-0045

CVE

CVE-2024-34601

TITLE

Samsung's galaxystore Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2024-003872

DESCRIPTION

Improper verification of intent by broadcast receiver vulnerability in GalaxyStore prior to version 4.5.81.0 allows local attackers to launch unexported activities of GalaxyStore. Samsung's galaxystore Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2024-34601 // JVNDB: JVNDB-2024-003872

AFFECTED PRODUCTS

vendor:	samsung	model:	galaxy store	scope:	lt	version:	4.5.81.0	Trust: 1.0
vendor:	サムスン	model:	galaxystore	scope:	-	version:	-	Trust: 0.8
vendor:	サムスン	model:	galaxystore	scope:	eq	version:	4.5.81.0	Trust: 0.8
vendor:	サムスン	model:	galaxystore	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2024-003872 // NVD: CVE-2024-34601

CVSS

SEVERITY

CVSSV2

CVSSV3

mobile.security@samsung.com:	CVE-2024-34601
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2024-34601
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2024-34601
value:	MEDIUM
Trust: 0.8

mobile.security@samsung.com:	CVE-2024-34601
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	2.5
impactScore:	3.4
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2024-34601
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	1.8
impactScore:	3.4
version:	3.1
Trust: 1.0
NVD:	CVE-2024-34601
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2024-003872 // NVD: CVE-2024-34601 // NVD: CVE-2024-34601

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-003872 // NVD: CVE-2024-34601

EXTERNAL IDS

db:	NVD	id:	CVE-2024-34601	Trust: 2.6
db:	JVNDB	id:	JVNDB-2024-003872	Trust: 0.8

sources: JVNDB: JVNDB-2024-003872 // NVD: CVE-2024-34601

REFERENCES

url:	https://security.samsungmobile.com/serviceweb.smsb?year=2024&month=07	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-34601	Trust: 0.8

sources: JVNDB: JVNDB-2024-003872 // NVD: CVE-2024-34601

SOURCES

db:	JVNDB	id:	JVNDB-2024-003872
db:	NVD	id:	CVE-2024-34601

LAST UPDATE DATE

2025-01-05T23:08:15.312000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2024-003872	date:	2024-07-03T01:52:00
db:	NVD	id:	CVE-2024-34601	date:	2025-01-03T19:15:49.823

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2024-003872	date:	2024-07-03T00:00:00
db:	NVD	id:	CVE-2024-34601	date:	2024-07-02T10:15:08.980