7.8
CVE-2021-25381
- EPSS 0.04%
- Published 09.04.2021 18:15:15
- Last modified 21.11.2024 05:54:52
- Source mobile.security@samsung.com
- Teams watchlist Login
- Open Login
Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in Android P(9.0) and below, and 12.1.1.3 in Android Q(10.0) and above allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.
Data is provided by the National Vulnerability Database (NVD)
Samsung ≫ Account Version10.8.0.4
Google ≫ Android Version1.0
Google ≫ Android Version1.1
Google ≫ Android Version1.5
Google ≫ Android Version1.6
Google ≫ Android Version2.0
Google ≫ Android Version2.0.1
Google ≫ Android Version2.1
Google ≫ Android Version2.2
Google ≫ Android Version2.2 Updaterev1
Google ≫ Android Version2.2.1
Google ≫ Android Version2.2.2
Google ≫ Android Version2.2.3
Google ≫ Android Version2.3
Google ≫ Android Version2.3 Updaterev1
Google ≫ Android Version2.3.1
Google ≫ Android Version2.3.2
Google ≫ Android Version2.3.3
Google ≫ Android Version2.3.4
Google ≫ Android Version2.3.5
Google ≫ Android Version2.3.6
Google ≫ Android Version2.3.7
Google ≫ Android Version3.0
Google ≫ Android Version3.1
Google ≫ Android Version3.2
Google ≫ Android Version3.2.1
Google ≫ Android Version3.2.2
Google ≫ Android Version3.2.4
Google ≫ Android Version3.2.6
Google ≫ Android Version4.0
Google ≫ Android Version4.0.1
Google ≫ Android Version4.0.2
Google ≫ Android Version4.0.3
Google ≫ Android Version4.0.4
Google ≫ Android Version4.1
Google ≫ Android Version4.1.1
Google ≫ Android Version4.1.2
Google ≫ Android Version4.2
Google ≫ Android Version4.2.1
Google ≫ Android Version4.2.2
Google ≫ Android Version4.3
Google ≫ Android Version4.3.1
Google ≫ Android Version4.4
Google ≫ Android Version4.4.1
Google ≫ Android Version4.4.2
Google ≫ Android Version4.4.3
Google ≫ Android Version4.4.4
Google ≫ Android Version5.0
Google ≫ Android Version5.0.1
Google ≫ Android Version5.0.2
Google ≫ Android Version5.1
Google ≫ Android Version5.1.0
Google ≫ Android Version5.1.1
Google ≫ Android Version6.0
Google ≫ Android Version6.0.1
Google ≫ Android Version7.0
Google ≫ Android Version7.1.0
Google ≫ Android Version7.1.1
Google ≫ Android Version7.1.2
Google ≫ Android Version8.0
Google ≫ Android Version8.1
Google ≫ Android Version9.0
Google ≫ Android Version1.1
Google ≫ Android Version1.5
Google ≫ Android Version1.6
Google ≫ Android Version2.0
Google ≫ Android Version2.0.1
Google ≫ Android Version2.1
Google ≫ Android Version2.2
Google ≫ Android Version2.2 Updaterev1
Google ≫ Android Version2.2.1
Google ≫ Android Version2.2.2
Google ≫ Android Version2.2.3
Google ≫ Android Version2.3
Google ≫ Android Version2.3 Updaterev1
Google ≫ Android Version2.3.1
Google ≫ Android Version2.3.2
Google ≫ Android Version2.3.3
Google ≫ Android Version2.3.4
Google ≫ Android Version2.3.5
Google ≫ Android Version2.3.6
Google ≫ Android Version2.3.7
Google ≫ Android Version3.0
Google ≫ Android Version3.1
Google ≫ Android Version3.2
Google ≫ Android Version3.2.1
Google ≫ Android Version3.2.2
Google ≫ Android Version3.2.4
Google ≫ Android Version3.2.6
Google ≫ Android Version4.0
Google ≫ Android Version4.0.1
Google ≫ Android Version4.0.2
Google ≫ Android Version4.0.3
Google ≫ Android Version4.0.4
Google ≫ Android Version4.1
Google ≫ Android Version4.1.1
Google ≫ Android Version4.1.2
Google ≫ Android Version4.2
Google ≫ Android Version4.2.1
Google ≫ Android Version4.2.2
Google ≫ Android Version4.3
Google ≫ Android Version4.3.1
Google ≫ Android Version4.4
Google ≫ Android Version4.4.1
Google ≫ Android Version4.4.2
Google ≫ Android Version4.4.3
Google ≫ Android Version4.4.4
Google ≫ Android Version5.0
Google ≫ Android Version5.0.1
Google ≫ Android Version5.0.2
Google ≫ Android Version5.1
Google ≫ Android Version5.1.0
Google ≫ Android Version5.1.1
Google ≫ Android Version6.0
Google ≫ Android Version6.0.1
Google ≫ Android Version7.0
Google ≫ Android Version7.1.0
Google ≫ Android Version7.1.1
Google ≫ Android Version7.1.2
Google ≫ Android Version8.0
Google ≫ Android Version8.1
Google ≫ Android Version9.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.076 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 4.6 | 3.9 | 6.4 |
AV:L/AC:L/Au:N/C:P/I:P/A:P
|
| mobile.security@samsung.com | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
CWE-276 Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.
CWE-285 Improper Authorization
The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.