CVE-2023-42553 - Vulnerability Details - OpenCVE

Improper authorization verification vulnerability in Samsung Email prior to version 6.1.90.4 allows attackers to read sandbox data of email.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Samsung	Email

Configuration 1 [-]

cpe:2.3:a:samsung:email:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=11

History

Thu, 06 Mar 2025 16:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-863
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Samsung Mobile

Published: 2023-11-07T07:49:52.365Z

Updated: 2025-03-06T15:30:26.309Z

Reserved: 2023-09-11T23:55:08.351Z

Link: CVE-2023-42553

Vulnrichment

Updated: 2024-08-02T19:23:39.826Z

NVD

Status : Modified

Published: 2023-11-07T08:15:23.367

Modified: 2025-03-06T16:15:43.477

Link: CVE-2023-42553

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-42553", "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458", "state": "PUBLISHED", "assignerShortName": "Samsung Mobile", "dateReserved": "2023-09-11T23:55:08.351Z", "datePublished": "2023-11-07T07:49:52.365Z", "dateUpdated": "2025-03-06T15:30:26.309Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-863 Incorrect Authorization"}]}], "affected": [{"vendor": "Samsung Mobile", "product": "Samsung Email", "versions": [{"status": "unaffected", "version": "6.1.90.4"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "Improper authorization verification vulnerability in Samsung Email prior to version 6.1.90.4 allows attackers to read sandbox data of email."}], "references": [{"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=11"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}}], "providerMetadata": {"orgId": "3af57064-a867-422c-b2ad-40307b65c458", "shortName": "Samsung Mobile", "dateUpdated": "2023-11-07T07:49:52.365Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:23:39.826Z"}, "title": "CVE Program Container", "references": [{"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=11", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-863", "lang": "en", "description": "CWE-863 Incorrect Authorization"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-06T15:25:40.678252Z", "id": "CVE-2023-42553", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-06T15:30:26.309Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=11", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:23:39.826Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-42553", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-06T15:25:40.678252Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-06T15:25:42.165Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "Samsung Mobile", "product": "Samsung Email", "versions": [{"status": "unaffected", "version": "6.1.90.4"}], "defaultStatus": "affected"}], "references": [{"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=11"}], "descriptions": [{"lang": "en", "value": "Improper authorization verification vulnerability in Samsung Email prior to version 6.1.90.4 allows attackers to read sandbox data of email."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-863 Incorrect Authorization"}]}], "providerMetadata": {"orgId": "3af57064-a867-422c-b2ad-40307b65c458", "shortName": "Samsung Mobile", "dateUpdated": "2023-11-07T07:49:52.365Z"}}}, "cveMetadata": {"cveId": "CVE-2023-42553", "state": "PUBLISHED", "dateUpdated": "2025-03-06T15:30:26.309Z", "dateReserved": "2023-09-11T23:55:08.351Z", "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458", "datePublished": "2023-11-07T07:49:52.365Z", "assignerShortName": "Samsung Mobile"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samsung:email:*:*:*:*:*:*:*:*", "matchCriteriaId": "7FF546BB-0925-409C-9647-A616DA963508", "versionEndExcluding": "6.1.90.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper authorization verification vulnerability in Samsung Email prior to version 6.1.90.4 allows attackers to read sandbox data of email."}, {"lang": "es", "value": "Una vulnerabilidad de verificaci\u00f3n de autorizaci\u00f3n inadecuada en Samsung Email anterior a la versi\u00f3n 6.1.90.4 permite a los atacantes leer datos de la zona de pruebas del correo electr\u00f3nico."}], "id": "CVE-2023-42553", "lastModified": "2025-03-06T16:15:43.477", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 1.4, "source": "mobile.security@samsung.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-07T08:15:23.367", "references": [{"source": "mobile.security@samsung.com", "tags": ["Vendor Advisory"], "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=11"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=11"}], "sourceIdentifier": "mobile.security@samsung.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-863"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}