CVE-2024-20867

Published May 7, 2024

Last updated 8 months ago

CVSS medium 5.5

Overview

Description
Improper privilege management vulnerability in Samsung Email prior to version 6.1.91.14 allows local attackers to access sensitive information.
Source
mobile.security@samsung.com
NVD status
Analyzed
Products
email

Risk scores

CVSS 3.1

Type
Primary
Base score
5.5
Impact score
3.6
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity
MEDIUM

Weaknesses

nvd@nist.gov
NVD-CWE-noinfo

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. Improper input validation in Samsung Email prior to version 6.2.06.0 allows local attackers to launch arbitrary activity with Samsung Email privilege.CVE-2025-21077
  2. Improper access control in Samsung Email prior to version 6.1.97.1 allows physical attackers to access data across multiple user profiles.CVE-2025-20894
  3. Use of implicit intent for sensitive communication in Samsung Email prior to version 6.1.94.2 allows local attackers to get sensitive information.CVE-2024-34636
  4. Implicit intent hijacking vulnerability in Samsung Email prior to version 6.1.90.16 allows local attacker to get sensitive information.CVE-2024-20807

References

Sources include official advisories and independent security research.