CVE-2021-25403: Sensitive Information Exposure in Mobile Samsung Account

Severity: 3.3 LOW (NVD)
EPSS: 0.1% (top 79.92%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 11; Latest update May 24

Description

Intent redirection vulnerability in Samsung Account prior to version 10.8.0.4 in Android P(9.0) and below, and 12.2.0.9 in Android Q(10.0) and above allows attacker to access contacts and file provider using SettingWebView component.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 1.8 | Impact: 1.4

Affected Packages (2 packages)

NVD: samsung/account < 10.8.0.4 (+1)
CVEListV5: samsung_mobile/samsung_account, unspecified, 10.8.0.4 in Android P(9.0) below, and 12.2.0.9 in Android Q(10.0) above

Vulnerability Details (2)

GHSA
GHSA-8xvr-c64w-jgc4: Intent redirection vulnerability in Samsung Account prior to version 10 (2022-05-24)
CVEList
CVE-2021-25403: Intent redirection vulnerability in Samsung Account prior to version 10 (2021-06-11)
CVE-2021-25403 — Sensitive Information Exposure | cvebase