CVE-2022-36877

CVSS 2.8 LOWEPSS 0.2%CWE-200

Vexday Risk Score

8Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 2.8EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

09 Sep 2022Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Exposure of Sensitive Information in FaqSymptomCardViewModel in Samsung Members prior to versions 4.3.00.11 in Global and 14.0.02.4 in China allows local attackers to access device identification via log.

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Affected products

Samsung Mobile · Samsung Members

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=09