vendor:
Samsung S6 Edge
by:
Unknown
7.5
CVSS
HIGH
Insecure Exported Service
284
CWE
Product Name: Samsung S6 Edge
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: Unknown
Related CWE:
CPE:
Platforms Tested:
Unknown
Unprivileged Application Access to Email Content on Samsung S6 Edge
The SecEmailComposer/EmailComposer application used by the Samsung S6 Edge has an exported service action to do quick replies to emails. This action requires no permissions to call, allowing an unprivileged application to gain access to email content.
Mitigation:
Implement proper permission checks for the exported service action.