Samsung Galaxy Store

Do you want an email whenever new security vulnerabilities are reported in Samsung Galaxy Store?

By the Year

In 2023 there have been 2 vulnerabilities in Samsung Galaxy Store with an average score of 7.0 out of ten. Last year Galaxy Store had 8 security vulnerabilities published. At the current rates, it appears that the number of vulnerabilities last year and this year may equal out. However, the average CVE base score of the vulnerabilities in 2023 is greater by 0.05.

Year	Vulnerabilities	Average Score
2023	2	6.95
2022	8	6.90
2021	1	5.50
2020	0	0.00
2019	0	0.00
2018	0	0.00

It may take a day or so for new Galaxy Store vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Samsung Galaxy Store Security Vulnerabilities

Improper input validation vulnerability in Galaxy Store prior to version 4.5.49.8

CVE-2023-21434 6.1 - Medium - February 09, 2023

Improper input validation vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to execute JavaScript by launching a web page.

XSS

Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8

CVE-2023-21433 7.8 - High - February 09, 2023

Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to install applications from Galaxy Store.

Incorrect Default Permissions

Improper input validation vulnerability in BillingPackageInsraller in Galaxy Store prior to version 4.5.41.8

CVE-2022-33710 7.8 - High - July 12, 2022

Improper input validation vulnerability in BillingPackageInsraller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege.

Improper Privilege Management

Improper input validation vulnerability in ApexPackageInstaller in Galaxy Store prior to version 4.5.41.8

CVE-2022-33709 7.8 - High - July 12, 2022

Improper input validation vulnerability in ApexPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege.

Improper Privilege Management

Improper input validation vulnerability in AppsPackageInstaller in Galaxy Store prior to version 4.5.41.8

CVE-2022-33708 7.8 - High - July 12, 2022

Improper input validation vulnerability in AppsPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege.

Improper Privilege Management

Improper input validation vulnerability in InstallAgent in Galaxy Store prior to version 4.5.41.8

CVE-2022-28791 5.5 - Medium - May 03, 2022

Improper input validation vulnerability in InstallAgent in Galaxy Store prior to version 4.5.41.8 allows attacker to overwrite files stored in a specific path. The patch adds proper protection to prevent overwrite to existing files.

Improper Input Validation

Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4

CVE-2022-28776 7.8 - High - April 11, 2022

Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4 allows attacker to install applications from Galaxy Store without user interactions.

AuthZ

Path traversal vulnerability in unzip method of InstallAgentCommonHelper in Galaxy store prior to version 4.5.40.5

CVE-2022-28544 5.5 - Medium - April 11, 2022

Path traversal vulnerability in unzip method of InstallAgentCommonHelper in Galaxy store prior to version 4.5.40.5 allows attacker to access the file of Galaxy store.

Directory traversal

Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.40.5

CVE-2022-28542 5.5 - Medium - April 11, 2022

Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.40.5 allows local attackers to access privileged content providers as Galaxy Store permission.

AuthZ

Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5

CVE-2022-22288 7.5 - High - January 10, 2022

Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 allows remote app installation of the allowlist.

AuthZ

Intent redirection vulnerability in SamsungAccountSDKSigninActivity of Galaxy Store prior to version 4.5.32.4

CVE-2021-25499 5.5 - Medium - October 06, 2021

Intent redirection vulnerability in SamsungAccountSDKSigninActivity of Galaxy Store prior to version 4.5.32.4 allows attacker to access content provider of Galaxy Store.

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Samsung Galaxy Store or by Samsung? Click the Watch button to subscribe.

Samsung
Vendor

Samsung Galaxy Store
Product

Samsung Galaxy Store

By the Year

Recent Samsung Galaxy Store Security Vulnerabilities

Improper input validation vulnerability in Galaxy Store prior to version 4.5.49.8 CVE-2023-21434 6.1 - Medium - February 09, 2023

Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8 CVE-2023-21433 7.8 - High - February 09, 2023

Improper input validation vulnerability in BillingPackageInsraller in Galaxy Store prior to version 4.5.41.8 CVE-2022-33710 7.8 - High - July 12, 2022

Improper input validation vulnerability in ApexPackageInstaller in Galaxy Store prior to version 4.5.41.8 CVE-2022-33709 7.8 - High - July 12, 2022

Improper input validation vulnerability in AppsPackageInstaller in Galaxy Store prior to version 4.5.41.8 CVE-2022-33708 7.8 - High - July 12, 2022

Improper input validation vulnerability in InstallAgent in Galaxy Store prior to version 4.5.41.8 CVE-2022-28791 5.5 - Medium - May 03, 2022

Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4 CVE-2022-28776 7.8 - High - April 11, 2022

Path traversal vulnerability in unzip method of InstallAgentCommonHelper in Galaxy store prior to version 4.5.40.5 CVE-2022-28544 5.5 - Medium - April 11, 2022

Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.40.5 CVE-2022-28542 5.5 - Medium - April 11, 2022

Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 CVE-2022-22288 7.5 - High - January 10, 2022

Intent redirection vulnerability in SamsungAccountSDKSigninActivity of Galaxy Store prior to version 4.5.32.4 CVE-2021-25499 5.5 - Medium - October 06, 2021

Stay on top of Security Vulnerabilities

Samsung Vendor

Samsung Galaxy StoreProduct

Improper input validation vulnerability in Galaxy Store prior to version 4.5.49.8

CVE-2023-21434 6.1 - Medium - February 09, 2023

Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8

CVE-2023-21433 7.8 - High - February 09, 2023

Improper input validation vulnerability in BillingPackageInsraller in Galaxy Store prior to version 4.5.41.8

CVE-2022-33710 7.8 - High - July 12, 2022

Improper input validation vulnerability in ApexPackageInstaller in Galaxy Store prior to version 4.5.41.8

CVE-2022-33709 7.8 - High - July 12, 2022

Improper input validation vulnerability in AppsPackageInstaller in Galaxy Store prior to version 4.5.41.8

CVE-2022-33708 7.8 - High - July 12, 2022

Improper input validation vulnerability in InstallAgent in Galaxy Store prior to version 4.5.41.8

CVE-2022-28791 5.5 - Medium - May 03, 2022

Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4

CVE-2022-28776 7.8 - High - April 11, 2022

Path traversal vulnerability in unzip method of InstallAgentCommonHelper in Galaxy store prior to version 4.5.40.5

CVE-2022-28544 5.5 - Medium - April 11, 2022

Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.40.5

CVE-2022-28542 5.5 - Medium - April 11, 2022

Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5

CVE-2022-22288 7.5 - High - January 10, 2022

Intent redirection vulnerability in SamsungAccountSDKSigninActivity of Galaxy Store prior to version 4.5.32.4

CVE-2021-25499 5.5 - Medium - October 06, 2021

Samsung
Vendor

Samsung Galaxy Store
Product