CVE-2023-21445

MEDIUM

Samsung Android - Improper Access Control

Title source: rule

Description

Improper access control vulnerability in MyFiles prior to versions 12.2.09 in Android R(11), 13.1.03.501 in Android S(12) and 14.1.00.422 in Android T(13) allows local attacker to write file with MyFiles privilege via implicit intent.

References (1)

[Vendor Advisory] https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=02

Scores

CVSS v3 5.5

EPSS 0.0013

EPSS Percentile 32.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Classification

CWE

CWE-284 CWE-668

Status published

Affected Products (50)

samsung/android

... and 35 more

Timeline

Published Feb 09, 2023

Tracked Since Feb 18, 2026