Samsung Account vulnerabilities

27 known vulnerabilities affecting samsung/account.

Total CVEs: 27
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 4, MEDIUM 19, LOW 4

Vulnerabilities

Page 2 of 2
CVE-2022-30743 | MEDIUM | CVSS 5.3 | fixed in 13.2.00.6 | 2022-06-07
[MEDIUM] CWE-200: Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the data of contact and gallery without permission.
Source: nvd
CVE-2022-30734 | MEDIUM | CVSS 5.3 | fixed in 13.2.00.6 | 2022-06-07
[MEDIUM] CWE-200: Sensitive information exposure in Sign-out log in Samsung Account prior to version 13.2.00.6 allows attackers to get a user email or phone number without permission.
Source: nvd
CVE-2022-30739 | MEDIUM | CVSS 4.3 | fixed in 13.2.00.6 | 2022-06-07
[MEDIUM] CWE-269: Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get a user email or phone number with a normal level permission.
Source: nvd
CVE-2021-25403 | LOW | CVSS 3.3 | fixed in 10.8.0.4 | v12.2.0.9 | 2021-06-11
[LOW] CWE-200: Intent redirection vulnerability in Samsung Account prior to version 10.8.0.4 in Android P(9.0) and below, and 12.2.0.9 in Android Q(10.0) and above allows an attacker to access contacts and file provider using SettingWebView component.
Source: nvd
CVE-2021-25381 | HIGH | CVSS 7.8 | v10.8.0.4 | v12.1.1.3 | 2021-04-09
[MEDIUM] CWE-285: Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in Android P(9.0) and below, and 12.1.1.3 in Android Q(10.0) and above allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.
Source: nvd
CVE-2021-25350 | LOW | CVSS 3.9 | fixed in 12.1.1.3 | 2021-03-25
[LOW] CWE-200: Information Exposure vulnerability in Samsung Account prior to version 12.1.1.3 allows physically proximate attackers to access user information via log.
Source: nvd
CVE-2021-25351 | LOW | CVSS 2.4 | fixed in 10.7.07 | fixed in 12.1.1.3 | 2021-03-25
[LOW] CWE-285: Improper Access Control in EmailValidationView in Samsung Account prior to version 10.7.0.7 and 12.1.1.3 allows physically proximate attackers to log out user account on device without user password.
Source: nvd