CVE-2021-25375

EPSS 0.36%
Published 09.04.2021 18:15:15
Last modified 21.11.2024 05:54:52
Source mobile.security@samsung.com
Teams watchlist Login
Open Login

Using predictable index for attachments in Samsung Email prior to version 6.1.41.0 allows remote attackers to get attachments of another emails when users open the malicious attachment.

Affected products Warnungen 0 Metrics 4 CWE 2 References 5

Data is provided by the National Vulnerability Database (NVD)

Samsung ≫ Email Version < 6.1.14.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.36%	0.552

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N
mobile.security@samsung.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-330 Use of Insufficiently Random Values

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

https://security.samsungmobile.com/serviceWeb.smsb

Vendor Advisory

https://security.samsungmobile.com/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-25375

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-25375

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-25375

EUVD