CVE-2023-30736

EUVD-2023-35100
Improper authorization in PushMsgReceiver of Samsung Assistant prior to version 8.7.00.1 allows attacker to execute javascript interface. To trigger this vulnerability, user interaction is required.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.4 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
Samsung MobileCNA
4.4 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
Affected Products (NVD)
VendorProductVersion
samsungsamsung_assistant
𝑥
< 8.7.00.1
𝑥
= Vulnerable software versions
References
https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=10
https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=10