CVE-2023-21515

Опубликовано: 26 мая 2023

Источник: nvd

CVSS3: 7.5

CVSS3: 8.8

EPSS Низкий

Описание

InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.

Ссылки

https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=01
Vendor Advisory
https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=01
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:samsung:galaxy_store:*:*:*:*:*:*:*:*

Версия до 4.5.49.8 (исключая)

EPSS

Процентиль: 40%

0.00183

Низкий

7.5 High

CVSS3

8.8 High

CVSS3

Дефекты

CWE-20

NVD-CWE-noinfo

Связанные уязвимости

GHSA-6q4x-p962-hh53

CVSS3: 7.5

github

больше 2 лет назад

InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.

EPSS

Процентиль: 40%

0.00183

Низкий

7.5 High

CVSS3

8.8 High

CVSS3

Дефекты

CWE-20

NVD-CWE-noinfo