{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2022-39915","assignerOrgId":"3af57064-a867-422c-b2ad-40307b65c458","assignerShortName":"Samsung Mobile","dateUpdated":"2025-04-23T15:19:38.383Z","dateReserved":"2022-09-05T00:00:00.000Z","datePublished":"2022-12-08T00:00:00.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"3af57064-a867-422c-b2ad-40307b65c458","shortName":"Samsung Mobile","dateUpdated":"2022-12-08T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"Improper access control vulnerability in Calendar prior to versions 11.6.08.0 in Android Q(10), 12.2.11.3000 in Android R(11), 12.3.07.2000 in Android S(12), and 12.4.02.0 in Android T(13) allows attackers to access sensitive information via implicit intent."}],"affected":[{"vendor":"Samsung Mobile","product":"Samsung Calendar","versions":[{"version":"unspecified","status":"affected","lessThan":"11.6.08.0 in Android Q(10), 12.2.11.3000 in Android R(11), 12.3.07.2000 in Android S(12), and 12.4.02.0 in Android T(13)","versionType":"custom"}]}],"references":[{"url":"https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=12"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":3.3,"baseSeverity":"LOW"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-284 Improper Access Control","cweId":"CWE-284"}]}],"source":{"discovery":"UNKNOWN"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T12:07:42.988Z"},"title":"CVE Program Container","references":[{"url":"https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=12","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-04-23T15:19:31.929926Z","id":"CVE-2022-39915","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-04-23T15:19:38.383Z"}}]}}