CVE-2022-36877 LOW

CVE-2022-36877

Vendor Samsung Mobile

Product Samsung Members

Weakness CWE-200 · Info exposure

Published September 9, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

2.8/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Exposure of Sensitive Information in FaqSymptomCardViewModel in Samsung Members prior to versions 4.3.00.11 in Global and 14.0.02.4 in China allows local attackers to access device identification via log.

Key dates

02Disclosure timeline

September 9, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-36877

Related vulnerabilities

04Related CVE

CVE-2020-36850 Sitecore JSS React Sample Application 11.0.0 - 14.0.1 Information Disclosure CVE-2026-40245 Free5GC: UDR nudr-dr influenceData/subs-to-notify leaks SUPI in error response body without authentication CVE-2022-47554 Exposure of Sensitive Information in Ormazabal products CVE-2023-33851 IBM PowerVM Hypervisor information disclosure CVE-2020-3541 Cisco Webex Meetings Client for Windows, Webex Meetings Desktop App, and Webex Teams Information Disclosure Vulnerability

Identifiers

CVE CVE-2022-36877

CWE CWE-200

CVSS 2.8 / LOW

Affected versions

Vendor Samsung Mobile

Product Samsung Members

Affected ≥ unspecified and < 4.3.00.11 in Global and 14.0.02.4 in China