CVE-2021-25374

Summary

An improper authorization vulnerability in Samsung Members "samsungrewards" scheme for deeplink in versions 2.4.83.9 in Android O(8.1) and below, and 3.9.00.9 in Android P(9.0) and above allows remote attackers to access a user data related with Samsung Account.

Affected Software

VendorProductVersion RangeStatus
Samsung MobileSamsung MembersAndroid O(8.x) and below < 2.4.83.9affected
Samsung MobileSamsung MembersAndroid P(9.0) and above < 3.9.00.9affected

Weaknesses

  • CWE-285: CWE-285 Improper Authorization

ADP Enrichment

CVE Program Container

Additional References

References