CVE-2021-25376

3.1LOW

Key Information:

Vendor: Samsung
Status: Samsung Email
Vendor: CVE Published:; 9 April 2021

Summary

An improper synchronization logic in Samsung Email prior to version 6.1.41.0 can leak messages in certain mailbox in plain text when STARTTLS negotiation is failed.

Affected Version(s)

Samsung Email < 6.1.41.0

References

https://security.samsungmobile.com/

x_refsource_CONFIRM

https://security.samsungmobile.com/serviceWeb.smsb

x_refsource_CONFIRM

CVSS V3.1

Score:

3.1

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 9, 2021
Vulnerability Reserved
Jan 19, 2021