CVE-2023-21515 HIGH

CVE-2023-21515

Vendor Samsung Mobile

Product Galaxy Store

Weakness CWE-20 · Input validation

Published May 26, 2023

Last update January 15, 2025

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.

Key dates

02Disclosure timeline

May 26, 2023 CVE published

January 15, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-21515

Related vulnerabilities

Identifiers

CVE CVE-2023-21515

CWE CWE-20

CVSS 7.5 / HIGH

Affected versions