CVE-2024-20825

MEDIUM5.5

JSON export Create alert

Description

Implicit intent hijacking vulnerability in IAP of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected products

Samsung Mobile / Galaxy Store4.5.63.6 – 4.5.63.6

References

MISChttps://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=02