CVE-2021-25403 Information

Description

Intent redirection vulnerability in Samsung Account prior to version 10.8.0.4 in Android P(9.0) and below and 12.2.0.9 in Android Q(10.0) and above allows attacker to access contacts and file provider using SettingWebView component.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Reference

https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=5

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

NONE

Base Score

NONE

Base Severity

3.3