CVE-2021-25376

EPSS 0.25%
Veröffentlicht 09.04.2021 18:15:15
Zuletzt bearbeitet 21.11.2024 05:54:52
Quelle mobile.security@samsung.com
Teams Watchlist Login
Unerledigt Login

An improper synchronization logic in Samsung Email prior to version 6.1.41.0 can leak messages in certain mailbox in plain text when STARTTLS negotiation is failed.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Samsung ≫ Email Version < 6.1.41.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.25%	0.451

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
mobile.security@samsung.com	3.1	1.6	1.4	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-662 Improper Synchronization

The product utilizes multiple threads or processes to allow temporary access to a shared resource that can only be exclusive to one process at a time, but it does not properly synchronize these actions, which might cause simultaneous accesses of this resource by multiple threads or processes.

https://security.samsungmobile.com/serviceWeb.smsb

Vendor Advisory

https://security.samsungmobile.com/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-25376

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-25376

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-25376

EUVD