CVE-2015-7889

Опубликовано: 28 дек. 2017

Источник: nvd

CVSS3: 5.5

CVSS2: 4.3

EPSS Низкий

Описание

The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote attackers with knowledge of the local email address to obtain sensitive information via a crafted application that sends a crafted intent.

Ссылки

http://packetstormsecurity.com/files/134105/Samsung-SecEmailComposer-QUICK_REPLY_BACKGROUND-Permission-Weakness.html
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/77339
Third Party Advisory
VDB Entry
https://bugs.chromium.org/p/project-zero/issues/detail?id=490&redir=1
Issue Tracking
Third Party Advisory
https://www.exploit-db.com/exploits/38558/
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/134105/Samsung-SecEmailComposer-QUICK_REPLY_BACKGROUND-Permission-Weakness.html
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/77339
Third Party Advisory
VDB Entry
https://bugs.chromium.org/p/project-zero/issues/detail?id=490&redir=1
Issue Tracking
Third Party Advisory
https://www.exploit-db.com/exploits/38558/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

Версия до 5.1.1 (включая)

cpe:2.3:h:samsung:galaxy_s6_edge:-:*:*:*:*:*:*:*

EPSS

Процентиль: 85%

0.02446

Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-275

Связанные уязвимости

GHSA-jqhx-6cv3-4f4v