CVE-2021-25374

High

An improper authorization vulnerability in Samsung Members "samsungrewards" scheme for deeplink in versions 2.4.83.9 in Android O(8.1) and…

Samsung Mobile·CWE-285·Published 2021-04-09

CVSS

7.5

EPSS

0.03

KEV

Exploits

cve.orgen

262 chars

An improper authorization vulnerability in Samsung Members "samsungrewards" scheme for deeplink in versions 2.4.83.9 in Android O(8.1) and below, and 3.9.00.9 in Android P(9.0) and above allows remote attackers to access a user data related with Samsung Account.

NVDen

262 chars

NVDes

304 chars

Una vulnerabilidad de autorización inapropiada en el esquema "samsungrewards" de Samsung Members para deeplink en versiones 2.4.83.9 en Android O(8.1) y por debajo y versiones 3.9.00.9 en Android P(9.0) y superiores, permite a atacantes remotos acceder a datos de usuario relacionados con Samsung Account

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
3.1	Primary	cve.org	8.6	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N