CVE-2021-25432

CWE-200Information ExposureCWE-668Exposure to Wrong Sphere3 documents3 sources
Severity
3.3LOW
EPSS
0.1%
top 79.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Samsung Mobile Samsung MembersSamsung Samsung Members
Timeline
PublishedJul 8
Latest updateMay 24

Description

Information exposure vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to access chat data.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

NVDsamsung/samsung_members< 2.4.85.11+1
CVEListV5samsung_mobile/samsung_members-2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above

🔴Vulnerability Details

2
GHSA
GHSA-v79v-2crm-c7vh: Information exposure vulnerability in Samsung Members prior to versions 22022-05-24
CVEList
CVE-2021-25432: Information exposure vulnerability in Samsung Members prior to versions 22021-07-08
CVE-2021-25432 (LOW CVSS 3.3) | Information exposure vulnerability | cvebase.io