CVE-2021-25374 — HIGH (8.6)

Q: How severe is CVE-2021-25374?

CVE-2021-25374 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-25374?

Check the references section above for vendor advisories and patch information. Affected products include: Samsung Members, Google Android.

Vulnerability Description

An improper authorization vulnerability in Samsung Members "samsungrewards" scheme for deeplink in versions 2.4.83.9 in Android O(8.1) and below, and 3.9.00.9 in Android P(9.0) and above allows remote attackers to access a user data related with Samsung Account.

CVSS Score

8.6

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Samsung	Members	<= 2.4.83.9
Google	Android	8.1

Related Weaknesses (CWE)

CWE-285

References

https://security.samsungmobile.com/Vendor Advisory
https://security.samsungmobile.com/serviceWeb.smsbVendor Advisory
https://security.samsungmobile.com/Vendor Advisory
https://security.samsungmobile.com/serviceWeb.smsbVendor Advisory

FAQ

What is CVE-2021-25374?

CVE-2021-25374 is a vulnerability with a CVSS score of 8.6 (HIGH). An improper authorization vulnerability in Samsung Members "samsungrewards" scheme for deeplink in versions 2.4.83.9 in Android O(8.1) and below, and 3.9.00.9 in Android P(9.0) and above allows remote...

How severe is CVE-2021-25374?

CVE-2021-25374 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-25374?

Check the references section above for vendor advisories and patch information. Affected products include: Samsung Members, Google Android.