{"containers":{"cna":{"affected":[{"product":"Bixby Vision","vendor":"Samsung Mobile","versions":[{"lessThan":"3.7.60.8 in Android S(12), 3.7.50.6 in Andorid R(11) and below","status":"affected","version":"-","versionType":"custom"}]}],"descriptions":[{"lang":"en","value":"A vulnerability using PendingIntent in Bixby Vision prior to versions 3.7.60.8 in Android S(12), 3.7.50.6 in Andorid R(11) and below allows attackers to execute privileged action by hijacking and modifying the intent."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":4.4,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-94","description":"CWE-94: Improper Control of Generation of Code ('Code Injection')","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2022-02-11T17:40:15.000Z","orgId":"3af57064-a867-422c-b2ad-40307b65c458","shortName":"Samsung Mobile"},"references":[{"tags":["x_refsource_MISC"],"url":"https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=2"}],"source":{"discovery":"UNKNOWN"},"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"mobile.security@samsung.com","ID":"CVE-2022-23434","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Bixby Vision","version":{"version_data":[{"version_affected":"<","version_name":"-","version_value":"3.7.60.8 in Android S(12), 3.7.50.6 in Andorid R(11) and below"}]}}]},"vendor_name":"Samsung Mobile"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A vulnerability using PendingIntent in Bixby Vision prior to versions 3.7.60.8 in Android S(12), 3.7.50.6 in Andorid R(11) and below allows attackers to execute privileged action by hijacking and modifying the intent."}]},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":4.4,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-94: Improper Control of Generation of Code ('Code Injection')"}]}]},"references":{"reference_data":[{"name":"https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=2","refsource":"MISC","url":"https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=2"}]},"source":{"discovery":"UNKNOWN"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T03:43:45.932Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=2"}]}]},"cveMetadata":{"assignerOrgId":"3af57064-a867-422c-b2ad-40307b65c458","assignerShortName":"Samsung Mobile","cveId":"CVE-2022-23434","datePublished":"2022-02-11T17:40:15.000Z","dateReserved":"2022-01-18T00:00:00.000Z","dateUpdated":"2024-08-03T03:43:45.932Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}