CVE-2018-10498 vulnerability in Samsung Products
Published on September 24, 2018
This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Samsung Email. Fixed in version 5.0.02.16. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of file:/// URIs. The issue lies in the lack of proper validation of user-supplied data, which can allow for reading arbitrary files. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges. Was ZDI-CAN-5329.
Weakness Type
Path Traversal: '/absolute/pathname/here'
A software system that accepts input in the form of a slash absolute path ('/absolute/pathname/here') without appropriate validation can allow an attacker to traverse the file system to unintended locations or access arbitrary files.
Products Associated with CVE-2018-10498
Affected Versions
Samsung Email Version Fixed in version 5.0.02.16 is affected by CVE-2018-10498
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.