Lucene search

Samsung MobileCVELIST:CVE-2021-25354

HistoryMar 25, 2021 - 4:13 p.m.

CVE-2021-25354

2021-03-2516:13:14

CWE-285

Samsung Mobile

www.cve.org

samsung internet

input check

non-exported activity

deeplink

security vulnerability

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

EPSS

0.001

Percentile

20.6%

JSON

Improper input check in Samsung Internet prior to version 13.2.1.46 allows attackers to launch non-exported activity in Samsung Browser via malicious deeplink.

CNA Affected

[
  {
    "product": "Samsung Internet",
    "vendor": "Samsung Mobile",
    "versions": [
      {
        "lessThan": "13.2.1.46",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

security.samsungmobile.com/

security.samsungmobile.com/serviceWeb.smsb

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

EPSS

0.001

Percentile

20.6%

JSON

Related for CVELIST:CVE-2021-25354