CVE-2021-25351

CWE-285CWE-863Incorrect Authorization3 documents3 sources
Severity
2.4LOW
EPSS
0.0%
top 84.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Samsung Mobile Samsung AccountSamsung Account
Timeline
PublishedMar 25
Latest updateMay 24

Description

Improper Access Control in EmailValidationView in Samsung Account prior to version 10.7.0.7 and 12.1.1.3 allows physically proximate attackers to log out user account on device without user password.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:LExploitability: 0.7 | Impact: 2.5

Affected Packages2 packages

NVDsamsung/account< 10.7.07+1
CVEListV5samsung_mobile/samsung_accountAndroid P(9.0) and below10.7.07+1

🔴Vulnerability Details

2
GHSA
GHSA-r7rr-ghh8-j4p9: Improper Access Control in EmailValidationView in Samsung Account prior to version 102022-05-24
CVEList
CVE-2021-25351: Improper Access Control in EmailValidationView in Samsung Account prior to version 102021-03-25
CVE-2021-25351 (LOW CVSS 2.4) | Improper Access Control in EmailVal | cvebase.io