Samsung Members
Monthly
Improper input validation in Samsung Members prior to version 5.8.01.5 allows local authenticated attackers to access arbitrary URLs and launch arbitrary Android activities using Samsung Members' application privileges. The CVSS 4.0 vector (AV:L/AC:L/AT:N/PR:L/UI:N) confirms local access with low privileges and no additional preconditions, with the score of 6.9 reflecting a high availability impact on the vulnerable component alongside low integrity impact. No public exploit identified at time of analysis and this vulnerability is not listed in CISA KEV, but the ability to hijack privileged activity launches on Samsung devices makes it a meaningful local privilege-chaining vector.
Exposure of Sensitive Information in FaqSymptomCardViewModel in Samsung Members prior to versions 4.3.00.11 in Global and 14.0.02.4 in China allows local attackers to access device identification via. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Information exposure vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to access chat. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Samsung Members Fixed in version 2.4.25. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper input validation in Samsung Members prior to version 5.8.01.5 allows local authenticated attackers to access arbitrary URLs and launch arbitrary Android activities using Samsung Members' application privileges. The CVSS 4.0 vector (AV:L/AC:L/AT:N/PR:L/UI:N) confirms local access with low privileges and no additional preconditions, with the score of 6.9 reflecting a high availability impact on the vulnerable component alongside low integrity impact. No public exploit identified at time of analysis and this vulnerability is not listed in CISA KEV, but the ability to hijack privileged activity launches on Samsung devices makes it a meaningful local privilege-chaining vector.
Exposure of Sensitive Information in FaqSymptomCardViewModel in Samsung Members prior to versions 4.3.00.11 in Global and 14.0.02.4 in China allows local attackers to access device identification via. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Information exposure vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to access chat. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Samsung Members Fixed in version 2.4.25. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.