CVE-2021-25376

CWE-200Information ExposureCWE-6623 documents3 sources
Severity
5.3MEDIUM
EPSS
0.2%
top 52.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Samsung Mobile Samsung EmailSamsung Email
Timeline
PublishedApr 9
Latest updateMay 24

Description

An improper synchronization logic in Samsung Email prior to version 6.1.41.0 can leak messages in certain mailbox in plain text when STARTTLS negotiation is failed.

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 1.6 | Impact: 1.4

Affected Packages2 packages

NVDsamsung/email< 6.1.41.0
CVEListV5samsung_mobile/samsung_emailunspecified6.1.41.0

🔴Vulnerability Details

2
GHSA
GHSA-7vc5-w68f-5fg9: An improper synchronization logic in Samsung Email prior to version 62022-05-24
CVEList
CVE-2021-25376: An improper synchronization logic in Samsung Email prior to version 62021-04-09
CVE-2021-25376 (MEDIUM CVSS 5.3) | An improper synchronization logic i | cvebase.io