CVE-2021-25355Improper Authorization in Mobile Samsung Notes

CWE-285Improper AuthorizationCWE-276Incorrect Default Permissions3 documents3 sources
Severity
7.8HIGHNVD
CNA5.5
EPSS
0.0%
top 90.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Samsung Mobile Samsung NotesSamsung Notes
Timeline
PublishedMar 25
Latest updateMay 24

Description

Using unsafe PendingIntent in Samsung Notes prior to version 4.2.00.22 allows local attackers unauthorized action without permission via hijacking the PendingIntent.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDsamsung/notes< 4.2.00.22
CVEListV5samsung_mobile/samsung_notesunspecified4.2.00.22

🔴Vulnerability Details

2
GHSA
GHSA-xpr4-hvm8-xj54: Using unsafe PendingIntent in Samsung Notes prior to version 42022-05-24
CVEList
CVE-2021-25355: Using unsafe PendingIntent in Samsung Notes prior to version 42021-03-25
CVE-2021-25355 — Improper Authorization | cvebase