CVE-2021-25439

CWE-284Improper Access ControlCWE-863Incorrect Authorization3 documents3 sources
Severity
3.3LOW
EPSS
0.1%
top 82.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Samsung Mobile Samsung MembersSamsung Members
Timeline
PublishedJul 8
Latest updateMay 24

Description

Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause arbitrary webpage loading in webview.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

NVDsamsung/members< 2.4.85.11+1
CVEListV5samsung_mobile/samsung_members-2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above

🔴Vulnerability Details

2
GHSA
GHSA-4m9p-wh47-w846: Improper access control vulnerability in Samsung Members prior to versions 22022-05-24
CVEList
CVE-2021-25439: Improper access control vulnerability in Samsung Members prior to versions 22021-07-08