CVE-2022-36877: Infoleak
First published: Fri Sep 09 2022(Updated: )
Exposure of Sensitive Information in FaqSymptomCardViewModel in Samsung Members prior to versions 4.3.00.11 in Global and 14.0.02.4 in China allows local attackers to access device identification via log.
Credit: mobile.security@samsung.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Samsung Members | <4.3.00.11 | |
| Samsung Members | <14.0.02.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2022-36877?
CVE-2022-36877 is classified as a moderate severity vulnerability that exposes sensitive information to local attackers.
How do I fix CVE-2022-36877?
To fix CVE-2022-36877, update the Samsung Members app to version 4.3.00.11 or later for global devices, or version 14.0.02.4 or later for devices in China.
What kind of sensitive information is exposed by CVE-2022-36877?
CVE-2022-36877 allows local attackers to access device identification information via logs.
Who is affected by CVE-2022-36877?
Users of Samsung Members app versions prior to 4.3.00.11 in global regions and 14.0.02.4 in China are affected by CVE-2022-36877.
How does CVE-2022-36877 affect device security?
CVE-2022-36877 compromises device security by allowing unauthorized access to sensitive identification details.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/samsung
- canonical/samsung members