Details of VAR-202407-0088

ID

VAR-202407-0088

CVE

CVE-2024-34600

TITLE

Samsung's flow Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2024-003871

DESCRIPTION

Improper verification of intent by broadcast receiver vulnerability in Samsung Flow prior to version 4.9.13.0 allows local attackers to copy image files to external storage. Samsung's flow Exists in unspecified vulnerabilities.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2024-34600 // JVNDB: JVNDB-2024-003871

AFFECTED PRODUCTS

vendor:	samsung	model:	flow	scope:	lt	version:	4.9.13.0	Trust: 1.0
vendor:	サムスン	model:	flow	scope:	-	version:	-	Trust: 0.8
vendor:	サムスン	model:	flow	scope:	eq	version:	-	Trust: 0.8
vendor:	サムスン	model:	flow	scope:	eq	version:	4.9.13.0	Trust: 0.8

sources: JVNDB: JVNDB-2024-003871 // NVD: CVE-2024-34600

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2024-34600
value:	LOW
Trust: 1.8
mobile.security@samsung.com:	CVE-2024-34600
value:	MEDIUM
Trust: 1.0

NVD:
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.1
Trust: 1.0
mobile.security@samsung.com:
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	1.8
impactScore:	2.5
version:	3.1
Trust: 1.0
NVD:	CVE-2024-34600
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2024-003871 // NVD: CVE-2024-34600 // NVD: CVE-2024-34600

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-003871 // NVD: CVE-2024-34600

EXTERNAL IDS

db:	NVD	id:	CVE-2024-34600	Trust: 2.6
db:	JVNDB	id:	JVNDB-2024-003871	Trust: 0.8

sources: JVNDB: JVNDB-2024-003871 // NVD: CVE-2024-34600

REFERENCES

url:	https://security.samsungmobile.com/serviceweb.smsb?year=2024&month=07	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-34600	Trust: 0.8

sources: JVNDB: JVNDB-2024-003871 // NVD: CVE-2024-34600

SOURCES

db:	JVNDB	id:	JVNDB-2024-003871
db:	NVD	id:	CVE-2024-34600

LAST UPDATE DATE

2024-07-05T23:22:22.697000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2024-003871	date:	2024-07-03T01:52:00
db:	NVD	id:	CVE-2024-34600	date:	2024-07-02T18:05:54.487

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2024-003871	date:	2024-07-03T00:00:00
db:	NVD	id:	CVE-2024-34600	date:	2024-07-02T10:15:08.813