MEDIUM🇵🇱 Wersja polska

CVE-2018-10498

CVSS 5.5v3.0pub. 2018-09-24upd. 2024-11-21

This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Samsung Email Fixed in version 5.0.02.16. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of file:/// URIs. The issue lies in the lack of proper validation of user-supplied data, which can allow for reading arbitrary files. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges. Was ZDI-CAN-5329.

CVSS Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • Samsung Email

    APP
    Samsung
    < 5.0.02.16
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPE
CWE
References

Related vulnerabilities

CVE-2018-10497HIGH7.8ten sam produkt

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Email ...

CVE-2022-36864MEDIUM4.0ten sam produkt

Improper access control and intent redirection in Samsung Email prior to 6.1.70.20 allows attacker to access s...

CVE-2022-36837MEDIUM6.2ten sam produkt

Intent redirection vulnerability using implicit intent in Samsung email prior to version 6.1.70.20 allows atta...

CVE-2022-22287LOW3.9ten sam produkt

Abitrary file access vulnerability in Samsung Email prior to 6.1.60.16 allows attacker to read isolated data i...

CVE-2025-4632CRITICAL9.8⚠ KEVPL ✓ten sam vendor

Path Traversal w Samsung MagicINFO 9 Server — zapis plików jako SYSTEM