CVE-2021-25403

Summary

Intent redirection vulnerability in Samsung Account prior to version 10.8.0.4 in Android P(9.0) and below, and 12.2.0.9 in Android Q(10.0) and above allows attacker to access contacts and file provider using SettingWebView component.

Affected Software

VendorProductVersion RangeStatus
Samsung MobileSamsung Accountunspecified < 10.8.0.4 in Android P(9.0) below, and 12.2.0.9 in Android Q(10.0) aboveaffected

Weaknesses

  • CWE-200: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

ADP Enrichment

CVE Program Container

Additional References

References