CVE-2021-25381
published 2021-04-09CVE-2021-25381: Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in Android P(9.0) and below, and 12.1.1.3 in Android Q(10.0) and above allows local…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in Android P(9.0) and below, and 12.1.1.3 in Android Q(10.0) and above allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| samsung | account | — | — |
| samsung | account | — | — |
| samsung_mobile | samsung_account | >= Android P(9.0) and below < 10.8.0.4 | 10.8.0.4 |
| samsung_mobile | samsung_account | >= Android Q(10.0) and above < 12.1.1.3 | 12.1.1.3 |