CVE-2021-25403

{"id": "CVE-2021-25403", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2021-06-11T15:15:09.653", "references": [{"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=5", "tags": ["Vendor Advisory"], "source": "mobile.security@samsung.com"}, {"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=5", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "mobile.security@samsung.com", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Intent redirection vulnerability in Samsung Account prior to version 10.8.0.4 in Android P(9.0) and below, and 12.2.0.9 in Android Q(10.0) and above allows attacker to access contacts and file provider using SettingWebView component."}, {"lang": "es", "value": "Una vulnerabilidad de redireccionamiento de intent en Samsung Account versiones anteriores a 10.8.0.4 en Android P(9.0) y posteriores, y versiones 12.2.0.9 en Android Q(10.0) y posteriores, permite a un atacante acceder a los contactos y al proveedor de archivos usando el componente SettingWebView"}], "lastModified": "2024-11-21T05:54:55.370", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samsung:account:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD83F712-2186-4AE5-9D43-7216235D6A19", "versionEndExcluding": "10.8.0.4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C8B27FBB-7C86-4328-86CF-FA6D48EECFAE", "versionEndIncluding": "9.0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samsung:account:12.2.0.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C84CDBB-C7EE-4C92-93A7-D31D2C6B9A31"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1F050AF1-DEAC-4BDB-9F7F-C940C02A4B92", "versionStartIncluding": "10.0"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "mobile.security@samsung.com"}