CVE-2021-25400Improper Export of Android Application Components in Mobile Samsug Internet

CWE-926Improper Export of Android Application ComponentsCWE-863Incorrect Authorization3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 84.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Samsung Mobile Samsug InternetSamsung Internet
Timeline
PublishedJun 11
Latest updateMay 24

Description

Intent redirection vulnerability in Samsung Internet prior to version 14.0.1.20 allows attacker to execute privileged action.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDsamsung/internet< 14.0.1.20
CVEListV5samsung_mobile/samsug_internetunspecified14.0.1.20

🔴Vulnerability Details

2
GHSA
GHSA-gcm7-m975-8q53: Intent redirection vulnerability in Samsung Internet prior to version 142022-05-24
CVEList
CVE-2021-25400: Intent redirection vulnerability in Samsung Internet prior to version 142021-06-11