CVE-2023-21449 MEDIUM

CVE-2023-21449

Vendor Samsung Mobile

Product Samsung Mobile Devices

Weakness CWE-200 · Info exposure

Published March 16, 2023

Last update February 26, 2025

View on NVD All CVEs

CVSS base score

4.0/10

Attack vector Local

Attack complexity Low

Privileges required None

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Improper access control vulnerability in Call application prior to SMR Mar-2023 Release 1 allows local attackers to access sensitive information without proper permission.

Key dates

02Disclosure timeline

March 16, 2023 CVE published

February 26, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-21449 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

04Related CVE

CVE-2025-13113 Web Accessibility by accessiBe <= 2.11 - Unauthenticated Sensitive Information Exposure CVE-2024-8899 Jeg Elementor Kit <= 2.6.9 - Authenticated (Contributor+) Sensitive Information Exposure via sg_content_template CVE-2022-34867 WordPress WP Libre Form 2 plugin <= 2.0.8 - Unauthenticated Sensitive Information Disclosure vulnerability CVE-2021-25118 Yoast SEO 16.7-17.2 - Unauthenticated Full Path Disclosure CVE-2026-5847 code-projects Movie Ticketing System SQL Database Backup File moviedb.sql information disclosure

Identifiers

CVE CVE-2023-21449

CWE CWE-200

CVSS 4.0 / MEDIUM

Affected versions

Vendor Samsung Mobile

Product Samsung Mobile Devices

Affected ≥ Select Android 11, 12 devices and < SMR Mar-2023 Release 1