PT-2021-16561 · Samsung · Samsung Cloud

Published

2021-03-25

Updated

2021-03-30

CVE-2021-25368

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Samsung Cloud versions prior to 4.7.0.3

Description: A hijacking issue in Samsung Cloud allows attackers to intercept when the provider is executed. This issue affects Samsung Cloud versions prior to 4.7.0.3.

Recommendations: For versions prior to 4.7.0.3, update to version 4.7.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the provider to minimize the risk of exploitation.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2021-25368

Affected Products

Samsung Cloud

PT-2021-16561 · Samsung · Samsung Cloud

CVE-2021-25368

Weakness Enumeration

Related Identifiers

Affected Products

References · 5