CVE-2021-25381

Summary

Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in Android P(9.0) and below, and 12.1.1.3 in Android Q(10.0) and above allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.

Affected Software

VendorProductVersion RangeStatus
Samsung MobileSamsung AccountAndroid P(9.0) and below < 10.8.0.4affected
Samsung MobileSamsung AccountAndroid Q(10.0) and above < 12.1.1.3affected

Weaknesses

  • CWE-285: CWE-285 Improper Authorization

ADP Enrichment

CVE Program Container

Additional References

References