CVE-2021-25376

EPSS 0.25%
Published 09.04.2021 18:15:15
Last modified 21.11.2024 05:54:52
Source mobile.security@samsung.com
Teams watchlist Login
Open Login

An improper synchronization logic in Samsung Email prior to version 6.1.41.0 can leak messages in certain mailbox in plain text when STARTTLS negotiation is failed.

Affected products Warnungen 0 Metrics 4 CWE 2 References 5

Data is provided by the National Vulnerability Database (NVD)

Samsung ≫ Email Version < 6.1.41.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.25%	0.451

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
mobile.security@samsung.com	3.1	1.6	1.4	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-662 Improper Synchronization

The product utilizes multiple threads or processes to allow temporary access to a shared resource that can only be exclusive to one process at a time, but it does not properly synchronize these actions, which might cause simultaneous accesses of this resource by multiple threads or processes.

https://security.samsungmobile.com/serviceWeb.smsb

Vendor Advisory

https://security.samsungmobile.com/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-25376

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-25376

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-25376

EUVD