Skip to main content

Account CVE-2022-30739

MEDIUM
Improper Privilege Management (CWE-269)
2022-06-07 mobile.security@samsung.com
4.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Jun 07, 2022 - 19:15 nvd
MEDIUM 4.3

DescriptionNVD

Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get an user email or phone number with a normal level permission.

AnalysisAI

Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get an user email or phone number with a normal level permission. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Improper Privilege Management (CWE-269), which allows attackers to escalate privileges to gain unauthorized elevated access. Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get an user email or phone number with a normal level permission. Affected products include: Samsung Account. Version information: prior to 13.2.00.6.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply principle of least privilege, validate privilege transitions, implement proper role separation.

CVE-2026-21264 CRITICAL
9.3 Jan 22

Microsoft Account has a cross-site scripting vulnerability allowing unauthenticated attackers to execute scripts in the

CVE-2021-25381 HIGH
7.8 Apr 09

Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in Android P(9.0) and below, and 12.1.1.3 in Android

CVE-2022-30735 HIGH
7.5 Jun 07

Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the access_tok

CVE-2022-30732 HIGH
7.5 Jun 07

Exposure of Sensitive Information vulnerability in Samsung Account prior to version 13.2.00.6 allows attacker to access

CVE-2023-42551 MEDIUM
6.5 Nov 07

Use of implicit intent for sensitive communication vulnerability in startTncActivity in Samsung Account prior to version

CVE-2023-42550 MEDIUM
6.5 Nov 07

Use of implicit intent for sensitive communication vulnerability in startSignIn in Samsung Account prior to version 14.5

CVE-2023-42549 MEDIUM
6.5 Nov 07

Use of implicit intent for sensitive communication vulnerability in startNameValidationActivity in Samsung Account prior

CVE-2023-42548 MEDIUM
6.5 Nov 07

Use of implicit intent for sensitive communication vulnerability in startMandatoryCheckActivity in Samsung Account prior

CVE-2023-42547 MEDIUM
6.5 Nov 07

Use of implicit intent for sensitive communication vulnerability in startEmailValidationActivity in Samsung Account prio

CVE-2023-42546 MEDIUM
6.5 Nov 07

Use of implicit intent for sensitive communication vulnerability in startAgreeToDisclaimerActivity in Samsung Account pr

CVE-2024-20841 MEDIUM
5.5 Mar 05

Improper Handling of Insufficient Privileges in Samsung Account prior to version 14.8.00.3 allows local attackers to acc

CVE-2023-42540 MEDIUM
5.5 Nov 07

Improper access control vulnerability in Samsung Account prior to version 14.5.01.1 allows attackers to access sensitive

Share

CVE-2022-30739 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy