CVE-2021-25438: Improper Access Control in Mobile Samsung Members

Severity: 7.8 HIGH (NVD)
EPSS: 0.0% (top 85.55%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 8; Latest update May 24

Description

Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause local file inclusion in webview.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (2 packages)

NVD: samsung/members < 2.4.85.11 (+1)
CVEListV5: samsung_mobile/samsung_members - 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above

Vulnerability Details (2)

GHSA
GHSA-xhxr-rr46-hc8x: Improper access control vulnerability in Samsung Members prior to versions 2 (2022-05-24)
CVEList
CVE-2021-25438: Improper access control vulnerability in Samsung Members prior to versions 2 (2021-07-08)
CVE-2021-25438 — Improper Access Control | cvebase