CVE-2021-25403

3.3LOW

Key Information:

Vendor
Samsung
Vendor
CVE Published:
11 June 2021

Summary

Intent redirection vulnerability in Samsung Account prior to version 10.8.0.4 in Android P(9.0) and below, and 12.2.0.9 in Android Q(10.0) and above allows attacker to access contacts and file provider using SettingWebView component.

Affected Version(s)

Samsung Account < 10.8.0.4 in Android P(9.0) below, and 12.2.0.9 in Android Q(10.0) above

References

CVSS V3.1

Score:
3.3
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.