Samsung Mobile Samsung Account vulnerabilities

CVE-2022-39874 [MEDIUM] CWE-779 CVE-2022-39874: Sensitive log information leakage vulnerability in Samsung Account prior to version 13.5.0 allows at Sensitive log information leakage vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout.

CVE-2022-39863 [MEDIUM] CWE-20 CVE-2022-39863: Intent redirection vulnerability in Samsung Account prior to version 13.5.01.3 allows attackers to a Intent redirection vulnerability in Samsung Account prior to version 13.5.01.3 allows attackers to access content providers without permission.

CVE-2022-39875 [MEDIUM] CWE-284 CVE-2022-39875: Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attack Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout.

CVE-2022-30735 [HIGH] CWE-200 CVE-2022-30735: Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers t Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the access_token without permission.

CVE-2022-30732 [HIGH] CWE-200 CVE-2022-30732: Exposure of Sensitive Information vulnerability in Samsung Account prior to version 13.2.00.6 allows Exposure of Sensitive Information vulnerability in Samsung Account prior to version 13.2.00.6 allows attacker to access sensitive information via onActivityResult.

CVE-2022-30737 [MEDIUM] CWE-200 CVE-2022-30737: Implicit Intent hijacking vulnerability in Samsung Account prior to version 13.2.00.6 allows attacke Implicit Intent hijacking vulnerability in Samsung Account prior to version 13.2.00.6 allows attackers to get email ID.

CVE-2022-30733 [MEDIUM] CWE-200 CVE-2022-30733: Sensitive information exposure in Sign-in log in Samsung Account prior to version 13.2.00.6 allows a Sensitive information exposure in Sign-in log in Samsung Account prior to version 13.2.00.6 allows attackers to get an user email or phone number without permission.

CVE-2022-30739 [MEDIUM] CWE-269 CVE-2022-30739: Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers t Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get an user email or phone number with a normal level permission.

CVE-2022-30734 [MEDIUM] CWE-200 CVE-2022-30734: Sensitive information exposure in Sign-out log in Samsung Account prior to version 13.2.00.6 allows Sensitive information exposure in Sign-out log in Samsung Account prior to version 13.2.00.6 allows attackers to get an user email or phone number without permission.

CVE-2022-30736 [MEDIUM] CWE-200 CVE-2022-30736: Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers t Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the data of contact and gallery without permission.

CVE-2022-30743 [MEDIUM] CWE-200 CVE-2022-30743: Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers t Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the data of contact and gallery without permission.

CVE-2022-25825 [MEDIUM] CWE-287 CVE-2022-25825: Improper access control vulnerability in Samsung Account prior to version 13.1.0.1 allows attackers Improper access control vulnerability in Samsung Account prior to version 13.1.0.1 allows attackers to access to the authcode for sign-in.

CVE-2021-25403 [LOW] CWE-200 CVE-2021-25403: Intent redirection vulnerability in Samsung Account prior to version 10.8.0.4 in Android P(9.0) and Intent redirection vulnerability in Samsung Account prior to version 10.8.0.4 in Android P(9.0) and below, and 12.2.0.9 in Android Q(10.0) and above allows attacker to access contacts and file provider using SettingWebView component.

CVE-2021-25381 [HIGH] CWE-285 CVE-2021-25381: Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in Android P(9.0) and below, and Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in Android P(9.0) and below, and 12.1.1.3 in Android Q(10.0) and above allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.

CVE-2021-25350 [LOW] CWE-200 CVE-2021-25350: Information Exposure vulnerability in Samsung Account prior to version 12.1.1.3 allows physically pr Information Exposure vulnerability in Samsung Account prior to version 12.1.1.3 allows physically proximate attackers to access user information via log.

CVE-2021-25351 [LOW] CWE-285 CVE-2021-25351: Improper Access Control in EmailValidationView in Samsung Account prior to version 10.7.0.7 and 12.1 Improper Access Control in EmailValidationView in Samsung Account prior to version 10.7.0.7 and 12.1.1.3 allows physically proximate attackers to log out user account on device without user password.