CVE-2023-30736

Summary

Improper authorization in PushMsgReceiver of Samsung Assistant prior to version 8.7.00.1 allows attacker to execute javascript interface. To trigger this vulnerability, user interaction is required.

Affected Software

VendorProductVersion RangeStatus
Samsung MobileSamsung Assistant8.7.00.1unaffected

Weaknesses

  • CWE-285: Improper Authorization

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References