CVE-2021-25405Improper Access Control in Mobile Samsung Notes

CWE-284Improper Access ControlCWE-863Incorrect Authorization3 documents3 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 84.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Samsung Mobile Samsung NotesSamsung Notes
Timeline
PublishedJun 11
Latest updateMay 24

Description

An improper access control vulnerability in ScreenOffActivity in Samsung Notes prior to version 4.2.04.27 allows untrusted applications to access local files.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

NVDsamsung/notes< 4.2.04.27
CVEListV5samsung_mobile/samsung_notesunspecified4.2.04.27

🔴Vulnerability Details

2
GHSA
GHSA-q5j2-4886-wvhf: An improper access control vulnerability in ScreenOffActivity in Samsung Notes prior to version 42022-05-24
CVEList
CVE-2021-25405: An improper access control vulnerability in ScreenOffActivity in Samsung Notes prior to version 42021-06-11
CVE-2021-25405 — Improper Access Control | cvebase