An issue was discovered on Samsung mobile devices with KK(4.4) and later software through 2015-06-16. In some cases, HTTP is used for an Inputmethod, rather than HTTPS. A man-in-the-middle attacker can modify the client-server data stream to insert directory traversal sequences into an extracted file path. The Samsung ID is SVE-2015-4363 (November 2015).
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://security.samsungmobile.com/securityUpdate.smsb |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-04-10T18:54:57
Updated: 2024-08-06T08:51:05.489Z
Reserved: 2020-04-10T00:00:00
Link: CVE-2015-9546
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-04-10T19:15:12.570
Modified: 2020-04-13T15:31:56.300
Link: CVE-2015-9546
Redhat
No data.