CVE-2022-28791 MEDIUM

CVE-2022-28791

Vendor Samsung Mobile

Product Galaxy Store

Weakness CWE-20 · Input validation

Published May 3, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

6.2/10

Attack vector Local

Attack complexity Low

Privileges required None

User interaction None

Confidentiality None

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

What the vulnerability does

01Description

Improper input validation vulnerability in InstallAgent in Galaxy Store prior to version 4.5.41.8 allows attacker to overwrite files stored in a specific path. The patch adds proper protection to prevent overwrite to existing files.

Key dates

02Disclosure timeline

May 3, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-28791

Related vulnerabilities

CVE-2022-28791

01Description

02Disclosure timeline

03References

04Related CVE