← Volver a CVEs
CVE-2021-25381
MEDIUM5.5
Descripcion
Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in Android P(9.0) and below, and 12.1.1.3 in Android Q(10.0) and above allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.
Detalles CVE
Puntuacion CVSS v3.15.5
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vector de ataqueLOCAL
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado4/9/2021
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
google:androidsamsung:account
Debilidades (CWE)
CWE-285CWE-276
Referencias
https://security.samsungmobile.com/(mobile.security@samsung.com)
https://security.samsungmobile.com/serviceWeb.smsb(mobile.security@samsung.com)
https://security.samsungmobile.com/(af854a3a-2127-422b-91ae-364da2661108)
https://security.samsungmobile.com/serviceWeb.smsb(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.