CVE-2021-25403

2021-06-1114:45:23

CWE-200

Samsung Mobile

www.cve.org

4.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Intent redirection vulnerability in Samsung Account prior to version 10.8.0.4 in Android P(9.0) and below, and 12.2.0.9 in Android Q(10.0) and above allows attacker to access contacts and file provider using SettingWebView component.

CNA Affected

[
  {
    "product": "Samsung Account",
    "vendor": "Samsung Mobile",
    "versions": [
      {
        "lessThan": "10.8.0.4 in Android P(9.0) below, and 12.2.0.9 in Android Q(10.0) above",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

security.samsungmobile.com/serviceWeb.smsb?year=2021&month=5