PT-2021-16594 · Samsung · Samsung Account

Hard

Published

2021-06-11

Updated

2022-07-30

CVE-2021-25403

CVSS v3.1

3.3

Low

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Samsung Account versions prior to 10.8.0.4 Samsung Account versions prior to 12.2.0.9 in Android Q(10.0) and above

Description: The issue allows an attacker to access contacts and file provider using the SettingWebView component.

Recommendations: For versions prior to 10.8.0.4, update to version 10.8.0.4 or later. For versions prior to 12.2.0.9 in Android Q(10.0) and above, update to version 12.2.0.9 or later.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2021-25403

Affected Products

Samsung Account

PT-2021-16594 · Samsung · Samsung Account

CVE-2021-25403

Weakness Enumeration

Related Identifiers

Affected Products

References · 4