CVE-2021-25375

EPSS 0.36%
Veröffentlicht 09.04.2021 18:15:15
Zuletzt bearbeitet 21.11.2024 05:54:52
Quelle mobile.security@samsung.com
Teams Watchlist Login
Unerledigt Login

Using predictable index for attachments in Samsung Email prior to version 6.1.41.0 allows remote attackers to get attachments of another emails when users open the malicious attachment.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Samsung ≫ Email Version < 6.1.14.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.36%	0.552

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N
mobile.security@samsung.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-330 Use of Insufficiently Random Values

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

https://security.samsungmobile.com/serviceWeb.smsb

Vendor Advisory

https://security.samsungmobile.com/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-25375

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-25375

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-25375

EUVD