) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:samsung:smartthings:1.7.73.22:*:*:*:*:android:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2022-39871 |
Improper access control vulnerability cloudNotificationManager.java in SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcasts. Published: October 07, 2022; 11:15:22 AM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
| CVE-2022-39870 |
Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via PUSH_MESSAGE_RECEIVED broadcast. Published: October 07, 2022; 11:15:22 AM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
| CVE-2022-39869 |
Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via REMOVE_PERSISTENT_BANNER broadcast. Published: October 07, 2022; 11:15:22 AM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
| CVE-2022-39868 |
Improper access control vulnerability in GedSamsungAccount.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast. Published: October 07, 2022; 11:15:22 AM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
| CVE-2022-39867 |
Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via SHOW_PERSISTENT_BANNER broadcast. Published: October 07, 2022; 11:15:22 AM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
| CVE-2022-39866 |
Improper access control vulnerability in RegisteredEventMediator.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast. Published: October 07, 2022; 11:15:21 AM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
| CVE-2022-39865 |
Improper access control vulnerability in ContentsSharingActivity.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast. Published: October 07, 2022; 11:15:21 AM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
| CVE-2022-39864 |
Improper access control vulnerability in WifiSetupLaunchHelper in SmartThings prior to version 1.7.89.25 allows attackers to access sensitive information via implicit intent. Published: October 07, 2022; 11:15:21 AM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
| CVE-2022-30749 |
Improper access control vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to add arbitrary smart devices by bypassing login activity. Published: June 07, 2022; 3:15:10 PM -0400 |
V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
| CVE-2022-30747 |
PendingIntent hijacking vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to access files without permission via implicit Intent. Published: June 07, 2022; 3:15:10 PM -0400 |
V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
| CVE-2022-30746 |
Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access senstive information remotely using javascript interface API. Published: June 07, 2022; 3:15:10 PM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |