Improper Synchronization Logic in Samsung Email Product
CVE-2021-25376

3.1LOW

Key Information:

Vendor: Samsung
Status: Samsung Email
Vendor: CVE Published:; 9 April 2021

What is CVE-2021-25376?

An issue in Samsung Email prior to version 6.1.41.0 allows for improper synchronization, which can lead to the exposure of messages in plaintext format if the STARTTLS negotiation fails. This vulnerability may compromise the confidentiality of sensitive information members within certain mailboxes.

Affected Version(s)

Samsung Email < 6.1.41.0

References

https://security.samsungmobile.com/

x_refsource_CONFIRM

https://security.samsungmobile.com/serviceWeb.smsb

x_refsource_CONFIRM

CVSS V3.1

Score:

3.1

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 9, 2021
Vulnerability Reserved
Jan 19, 2021