CVE-2022-22288 HIGH

CVE-2022-22288

Vendor Samsung Mobile
Product Galaxy Store
Weakness CWE-285
Published January 7, 2022
Last update August 3, 2024
View on NVD All CVEs

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 allows remote app installation of the allowlist.

Key dates

02Disclosure timeline

January 7, 2022 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2022-39879 CVE-2023-6538 System Management Unit (SMU) versions prior to 14.8.7825.01, used to manage Hitachi Vantara NAS products is susceptible to unintended information disclosure via unprivileged access to SMU configuration backup data. CVE-2026-2693 CoCoTeaNet CyreneAdmin System Info Endpoint getCount improper authorization CVE-2024-27930 Sensitive fields access through dropdowns in GLPI CVE-2024-23649 Any authenticated user may obtain private message details from other users on the same instance