{"vulnerability": "CVE-2022-2877", "sightings": [{"uuid": "06929709-1f61-4752-bda3-11c7b2fa2145", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28776", "type": "published-proof-of-concept", "source": "https://t.me/cKure/9474", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 CVE-2022-28776: Samsung Galaxy - Any App Can Install Any App In The Galaxy App Store.\n\nhttps://labs.f-secure.com/advisories/samsung-galaxy-any-app-can-install-any-app/", "creation_timestamp": "2022-05-06T01:33:06.000000Z"}, {"uuid": "cdba93a2-fddd-4b79-8a4d-87593fe2368b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28776", "type": "published-proof-of-concept", "source": "https://t.me/ShlezySec_Channel/298", "content": "CVE-2022-28776: Samsung Galaxy - \u05db\u05dc \u05d0\u05e4\u05dc\u05d9\u05e7\u05e6\u05d9\u05d4 \u05d9\u05db\u05d5\u05dc\u05d4 \u05dc\u05d4\u05ea\u05e7\u05d9\u05df \u05db\u05dc \u05d0\u05e4\u05dc\u05d9\u05e7\u05e6\u05d9\u05d4 \u05d1-Galaxy App Store.\n\n https://labs.f-secure.com/advisories/samsung-galaxy-any-app-can-install-any-app/", "creation_timestamp": "2022-05-06T02:54:20.000000Z"}, {"uuid": "cf2db007-6596-4a55-a813-f880413d09be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28771", "type": "seen", "source": "https://t.me/true_secator/3176", "content": "\u041d\u0435\u043c\u0435\u0446\u043a\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f SAP \u043a \u043f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0438\u043c \u043f\u0440\u0438\u043c\u0435\u0447\u0430\u043d\u0438\u044f\u043c \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043e\u0431\u0430\u0432\u0438\u043b \u0435\u0449\u0435 20 \u043d\u043e\u0432\u044b\u0445. \u0418\u0437 \u043d\u043e\u0432\u044b\u0445 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u0432 \u0447\u0435\u0442\u044b\u0440\u0435 \u0441 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u044c\u044e \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u043e\u0434\u043d\u043e \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 SAP BusinessObjects \u0438 \u0442\u0440\u0438 \u043d\u0430\u0439\u0434\u0435\u043d\u043e \u0432 Business One.\n\n\u041d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0439 \u0438\u0437 \u044d\u0442\u0438\u0445 \u043f\u0440\u043e\u0431\u043b\u0435\u043c \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2022-35228 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 8,3), \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435\u043c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0432 \u0446\u0435\u043d\u0442\u0440\u0430\u043b\u044c\u043d\u043e\u0439 \u043a\u043e\u043d\u0441\u043e\u043b\u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b BusinessObjects Business Intelligence.\n\n\u041a\u0430\u043a \u0437\u0430\u0432\u0435\u0440\u0438\u043b\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438\u0437 Onapsis \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443, \u043d\u0435 \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0435\u043c\u0443 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043e \u0442\u043e\u043a\u0435\u043d\u0435 \u043f\u043e \u0441\u0435\u0442\u0438, \u043d\u043e \u0434\u043b\u044f \u0430\u0442\u0430\u043a\u0438 \u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f \u043b\u0435\u0433\u0438\u0442\u0438\u043c\u043d\u044b\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044e.\n\n\u041d\u0435 \u043c\u0435\u043d\u0435\u0435 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0439 \u043e\u0448\u0438\u0431\u043a\u043e\u0439, \u0432\u043b\u0438\u044f\u044e\u0449\u0435\u0439 \u043d\u0430 Business One, \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043e\u0448\u0438\u0431\u043a\u0430 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 (CVE-2022-32249), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0441 \u0432\u044b\u0441\u043e\u043a\u0438\u043c \u0443\u0440\u043e\u0432\u043d\u0435\u043c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043c\u043e\u0436\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0432 \u043f\u043e\u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0445 \u0430\u0442\u0430\u043a\u0430\u0445 \u043d\u0430 \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435.\n\n\u0415\u0449\u0435 \u043e\u0434\u043d\u0430 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438 (CVE-2022-28771), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443, \u043d\u0435 \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0435\u043c\u0443 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438, \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432, \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u043c\u044b\u0445 \u043f\u043e \u0441\u0435\u0442\u0438.\n\n\u0422\u0440\u0435\u0442\u044c\u044f \u043e\u0448\u0438\u0431\u043a\u0430 \u0432 Business One \u2014 \u044d\u0442\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 (CVE-2022-31593) \u0438 \u043e\u043d\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0441 \u043d\u0438\u0437\u043a\u0438\u043c \u0443\u0440\u043e\u0432\u043d\u0435\u043c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u0435 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f.\n\n17 \u043f\u0440\u0438\u043c\u0435\u0447\u0430\u043d\u0438\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u044b\u0445 SAP, \u043a\u0430\u0441\u0430\u044e\u0442\u0441\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0441\u0440\u0435\u0434\u043d\u0435\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u0438 \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u043e \u0438\u0437 \u043d\u0438\u0445 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0439 \u043f\u043e\u0440\u0442\u0430\u043b NetWeaver \u0438 \u0431\u0438\u0437\u043d\u0435\u0441-\u043e\u0431\u044a\u0435\u043a\u0442\u044b.\n\n\u0412 \u043f\u0440\u0438\u043c\u0435\u0447\u0430\u043d\u0438\u044f\u0445 \u0440\u0430\u0441\u0441\u043c\u0430\u0442\u0440\u0438\u0432\u0430\u044e\u0442\u0441\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u043e\u0433\u043e \u0441\u043a\u0440\u0438\u043f\u0442\u0438\u043d\u0433\u0430 (XSS) \u0432 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u043c \u043f\u043e\u0440\u0442\u0430\u043b\u0435 NetWeaver \u0438 \u0432\u0441\u0435 \u043e\u043d\u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0438 \u043e\u0446\u0435\u043d\u043a\u0443 CVSS 6,1. \u0427\u0430\u0441\u0442\u044c \u0434\u0440\u0443\u0433\u0438\u0445 \u0437\u0430\u043c\u0435\u0447\u0430\u043d\u0438\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043a\u0430\u0441\u0430\u044e\u0442\u0441\u044f \u043f\u0440\u043e\u0431\u043b\u0435\u043c \u0441\u0440\u0435\u0434\u043d\u0435\u0439 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u0432 Business Objects, SAPS/4HANA, EA-DFPS, \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435 ABAP \u0438 Business One.", "creation_timestamp": "2022-07-14T19:32:02.000000Z"}, {"uuid": "c0582a4d-0405-4d08-bddb-2f7e332b7cbd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2877", "type": "seen", "source": "https://t.me/cibsecurity/49868", "content": "\u203c CVE-2022-2877 \u203c\n\nThe Titan Anti-spam &amp; Security WordPress plugin before 7.3.1 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-16T12:39:02.000000Z"}, {"uuid": "be0819c3-3f89-44cf-9387-f3dd8c7f5d46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28774", "type": "seen", "source": "https://t.me/cibsecurity/42359", "content": "\u203c CVE-2022-28774 \u203c\n\nUnder certain conditions, the SAP Host Agent logfile shows information which would otherwise be restricted.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-11T18:35:34.000000Z"}, {"uuid": "1c335e95-2a20-48d2-8839-0d96eb834de9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28771", "type": "seen", "source": "https://t.me/cibsecurity/46098", "content": "\u203c CVE-2022-28771 \u203c\n\nDue to missing authentication check, SAP Business one License service API - version 10.0 allows an unauthenticated attacker to send malicious http requests over the network. On successful exploitation, an attacker can break the whole application making it inaccessible.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-13T00:25:40.000000Z"}, {"uuid": "d2bbd049-bbb8-42c0-a6fb-1ba25156de3f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28770", "type": "seen", "source": "https://t.me/cibsecurity/40655", "content": "\u203c CVE-2022-28770 \u203c\n\nDue to insufficient input validation, SAPUI5 library(vbm) - versions 750, 753, 754, 755, 75, allows an unauthenticated attacker to inject a script into the URL and execute code. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-12T20:23:19.000000Z"}, {"uuid": "3293a3b9-5da7-44d2-a0a9-89e261330696", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28779", "type": "seen", "source": "https://t.me/cibsecurity/40556", "content": "\u203c CVE-2022-28779 \u203c\n\nUncontrolled search path element vulnerability in Samsung Android USB Driver windows installer program prior to version 1.7.50 allows attacker to execute arbitrary code.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-12T00:30:00.000000Z"}, {"uuid": "0d73999e-1360-48a9-bf96-1be5ead460a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28776", "type": "seen", "source": "https://t.me/cibsecurity/40552", "content": "\u203c CVE-2022-28776 \u203c\n\nImproper access control vulnerability in Galaxy Store prior to version 4.5.36.4 allows attacker to install applications from Galaxy Store without user interactions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-12T00:29:26.000000Z"}, {"uuid": "8bb8de7b-b791-4a00-93a1-ef7bdcc823ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28772", "type": "seen", "source": "https://t.me/cibsecurity/40637", "content": "\u203c CVE-2022-28772 \u203c\n\nBy overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, which makes these programs unavailable, leading to denial of service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-12T20:17:22.000000Z"}, {"uuid": "81d38174-fbef-43cf-85b9-81d4dc46e467", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28777", "type": "seen", "source": "https://t.me/cibsecurity/40509", "content": "\u203c CVE-2022-28777 \u203c\n\nImproper access control vulnerability in Samsung Members prior to version 13.6.08.5 allows local attacker to execute call function without CALL_PHONE permission.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-12T00:16:22.000000Z"}, {"uuid": "0d5f897e-2606-449c-8d55-f6415282cb0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28773", "type": "seen", "source": "https://t.me/cibsecurity/40646", "content": "\u203c CVE-2022-28773 \u203c\n\nDue to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager, the application may crash, leading to denial of service, but can be restarted automatically.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-12T20:23:06.000000Z"}, {"uuid": "7c094bd7-a10a-47c0-b7b9-14d4656b5941", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28775", "type": "seen", "source": "https://t.me/cibsecurity/40523", "content": "\u203c CVE-2022-28775 \u203c\n\nImproper access control vulnerability in Samsung Flow prior to version 4.8.06.5 allows attacker to write the file without Samsung Flow permission.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-12T00:22:17.000000Z"}, {"uuid": "d292b29c-875e-4456-a3ae-521cfc14b55e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28775", "type": "published-proof-of-concept", "source": "https://t.me/androidMalware/1527", "content": "Samsung Flow - Any App Can Read The External Storage CVE-2022-28775\nA rogue application could use this issue to read contents on the device's external storage without requiring the proper Android permissions\nhttps://labs.f-secure.com/advisories/samsung-flow-any-app-can-read-the-external-storage/", "creation_timestamp": "2022-05-12T07:49:15.000000Z"}, {"uuid": "3ab07216-ce09-4969-96e8-f3003c722f99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28776", "type": "published-proof-of-concept", "source": "https://t.me/androidMalware/1528", "content": "Samsung Galaxy - Any App Can Install Any App In The Galaxy App Store CVE-2022-28776\nThis new intent received by the Galaxy App Store could be manipulated in such a way that the Galaxy App Store would be forced to automatically install other applications onto the victim's device without consent\nhttps://labs.f-secure.com/advisories/samsung-galaxy-any-app-can-install-any-app/", "creation_timestamp": "2022-05-17T15:12:41.000000Z"}, {"uuid": "425b3e1f-43a9-47cf-8ee7-a5fbb1c38093", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28776", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/2040", "content": "#CVE-2022-28776\n\nAny App Can Install Any App In The Galaxy App Store\n\nhttps://labs.f-secure.com/advisories/samsung-galaxy-any-app-can-install-any-app/\n\n@BlueRedTeam", "creation_timestamp": "2022-05-08T10:13:15.000000Z"}, {"uuid": "5947df15-6086-40d5-b821-0710f03a2b76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28776", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/6232", "content": "Samsung Galaxy - Any App Can Install Any App In The Galaxy App Store CVE-2022-28776\nThis new intent received by the Galaxy App Store could be manipulated in such a way that the Galaxy App Store would be forced to automatically install other applications onto the victim's device without consent\nhttps://labs.f-secure.com/advisories/samsung-galaxy-any-app-can-install-any-app/", "creation_timestamp": "2022-05-09T14:15:07.000000Z"}, {"uuid": "ea685241-8710-40fd-9cdf-5d4fee970326", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28776", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/5963", "content": "#exploit\n1. CVE-2022-28776:\nAny App Can Install Any App In The Galaxy App Store\nhttps://labs.f-secure.com/advisories/samsung-galaxy-any-app-can-install-any-app\n\n2. A GUI version ipwndfu exploit suite\nhttps://github.com/alyxferrari/checkm8gui", "creation_timestamp": "2022-05-08T12:23:01.000000Z"}]}