CVE-2021-25381 (GCVE-0-2021-25381)

Vulnerability from cvelistv5 – Published: 2021-04-09 17:40 – Updated: 2024-08-03 20:03
VLAI
Summary
Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in Android P(9.0) and below, and 12.1.1.3 in Android Q(10.0) and above allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.
Severity
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE
Assigner
References
Impacted products
Vendor Product Version
Samsung Mobile Samsung Account Affected: Android P(9.0) and below , < 10.8.0.4 (custom)
Affected: Android Q(10.0) and above , < 12.1.1.3 (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:03:05.642Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.samsungmobile.com/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.samsungmobile.com/serviceWeb.smsb"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Samsung Account",
          "vendor": "Samsung Mobile",
          "versions": [
            {
              "lessThan": "10.8.0.4",
              "status": "affected",
              "version": "Android P(9.0) and below",
              "versionType": "custom"
            },
            {
              "lessThan": "12.1.1.3",
              "status": "affected",
              "version": "Android Q(10.0) and above",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in Android P(9.0) and below, and 12.1.1.3 in Android Q(10.0) and above allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "CWE-285 Improper Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-09T17:40:41.000Z",
        "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "shortName": "Samsung Mobile"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.samsungmobile.com/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.samsungmobile.com/serviceWeb.smsb"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "mobile.security@samsung.com",
          "ID": "CVE-2021-25381",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Samsung Account",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "Android P(9.0) and below",
                            "version_value": "10.8.0.4"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "Android Q(10.0) and above",
                            "version_value": "12.1.1.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Samsung Mobile"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in Android P(9.0) and below, and 12.1.1.3 in Android Q(10.0) and above allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-285 Improper Authorization"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.samsungmobile.com/",
              "refsource": "CONFIRM",
              "url": "https://security.samsungmobile.com/"
            },
            {
              "name": "https://security.samsungmobile.com/serviceWeb.smsb",
              "refsource": "CONFIRM",
              "url": "https://security.samsungmobile.com/serviceWeb.smsb"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
    "assignerShortName": "Samsung Mobile",
    "cveId": "CVE-2021-25381",
    "datePublished": "2021-04-09T17:40:41.000Z",
    "dateReserved": "2021-01-19T00:00:00.000Z",
    "dateUpdated": "2024-08-03T20:03:05.642Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2021-25381",
      "date": "2026-06-03",
      "epss": "0.00037",
      "percentile": "0.11186"
    },
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samsung:account:10.8.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2E8F33D6-493C-4A77-B032-C01C0B1370A1\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0721FD34-5F94-4828-A8AA-EF70FAB71FC8\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"73CA4D29-321A-41ED-A75A-1EBB14A771C6\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:1.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8C354829-6BEB-4C67-972A-60367073753C\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:1.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"702B40EB-76BC-4686-A46E-D02DBE3A86E7\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4685EA90-1E01-4FFB-AE31-91FD5D69E2D8\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:2.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"938DC86D-C783-4EFA-9AB6-3ADC8CD7BB41\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A33DBF65-09A6-4149-BABE-2FFFBF10C31D\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"78B69434-13B2-4A43-AEB0-55E0ED403E54\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:2.2:rev1:*:*:*:*:*:*\", \"matchCriteriaId\": \"D1755B91-1B6B-4A9E-BB6B-22B399A6DD02\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:2.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A92E88F-CCED-41D7-AFB7-CE1F9265E546\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:2.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D13D3A00-27A0-4635-9D50-05CA81950691\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:2.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4EB959DB-AFE7-4667-9662-949ADAB81CE3\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"18669EEC-ABB9-4CE4-8C0E-A88BE08EC368\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:2.3:rev1:*:*:*:*:*:*\", \"matchCriteriaId\": \"61D64B87-F1F1-4E52-86AE-F28E2C43A9A8\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:2.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"83AB2497-59DE-4253-A758-A3D03FAEB913\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:2.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6E197EC0-82DF-49D5-BD1A-7EA22EC0B806\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:2.3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"286EED24-E011-4009-BC2E-B63CA06072CE\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:2.3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D634E2E3-4E8A-4C88-A6BF-DBE7439EB3B0\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:2.3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"77E6F4DF-F80F-4A9B-871E-155C0D3DD449\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:2.3.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5CC08431-C70E-4964-B7C0-C9C45F70DCD2\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:2.3.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3A2A79C6-A7BD-46C2-8320-B9652135F3BC\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6997F035-D2F5-4174-B979-5D42FF69D9AC\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E1FD2E59-59BF-4611-B65B-A2981127CAC0\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"86BFE05E-9749-43AA-8DB6-E2F13C2E1759\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:3.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"48DCE4AD-D629-4F0B-AFA8-6CAD061D5FA6\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:3.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4DAAB25F-26E4-4493-B3DA-F87240633031\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:3.2.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"96CD6B49-B9D4-493E-902D-B4EF48260BB0\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:3.2.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FB73EBA4-A9BE-4C40-9E6D-649E89D2C3F2\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A39C31E3-75C0-4E92-A6B5-7D67B22E3449\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB318EA4-2908-4B91-8DBB-20008FDF528A\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1F4E46A9-B652-47CE-92E8-01021E57724B\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AB9B53C6-AE84-4A45-B83E-8E5CE44F7B93\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36DD8E3F-6308-4680-B932-4CBD8E58A7FB\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1DA9F0F7-D592-481E-884C-B1A94E702825\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:4.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E1BBFD29-6A53-4B1E-9611-680442CD04EB\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6CD857E7-B878-49F9-BDDA-93DDEBB0B42B\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FBDABB6C-FFF9-4E79-9EF1-BDC0BBDEA9F1\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A47AB858-36DE-4330-8CAC-1B46C5C8DA80\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"49413FF7-7910-4F74-B106-C3170612CB2A\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2467F65-A3B7-4E45-A9A5-E5A6EFD99D7B\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A8882E50-7C49-4A99-91F2-DF979CF8BB2F\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"98C32982-095C-4628-9958-118A3D3A9CAA\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8FC0FCEA-0B3D-43C1-AB62-4F9C880B4CA1\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EC75ED04-B8C7-4CC0-AC64-AE2D9E0CDF5D\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FC13D3EE-CC89-4883-8E3D-3FE25FB8CF42\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E3CEEA22-63B4-4702-A400-01349DF0EC1E\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7C4E6353-B77A-464F-B7DE-932704003B33\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"77125688-2CCA-4990-ABB2-551D47CB0CDD\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E9915371-C730-41F7-B86E-7E4DE0DF5385\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E7A8EC00-266C-409B-AD43-18E8DFCD6FE3\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B846C63A-7261-481E-B4A4-0D8C79E0D8A7\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B1D94CDD-DE7B-444E-A3AE-AE9C9A779374\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E70C6D8D-C9C3-4D92-8DFC-71F59E068295\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"691FA41B-C2CE-413F-ABB1-0B22CB322807\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"09E6085C-A61E-4A89-BF80-EDD9A7DF1E47\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:7.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FC30B2A2-9674-4052-B402-20348E50F9E8\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D835D592-2423-44C6-804A-3AD010112E7C\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"568E2561-A068-46A2-B331-BBA91FC96F0C\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B578E383-0D77-4AC7-9C81-3F0B8C18E033\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B06BE74B-83F4-41A3-8AD3-2E6248F7B0B2\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8DFAAD08-36DA-4C95-8200-C29FE5B6B854\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samsung:account:12.1.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"56CA14C5-60F5-46BE-9401-1824CCF95043\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D558D965-FA70-4822-A770-419E73BA9ED3\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"109DD7FD-3A48-4C3D-8E1A-4433B98E1E64\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in Android P(9.0) and below, and 12.1.1.3 in Android Q(10.0) and above allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.\"}, {\"lang\": \"es\", \"value\": \"Al usar un PendingIntent no seguro en Samsung Account en versiones 10.8.0.4 en Android P(9.0) y por debajo, y versiones 12.1.1.3 en Android Q(10.0) y por encima, permite a atacantes locales llevar a cabo acciones no autorizadas sin permiso por medio del secuestro del PendingIntent\"}]",
      "id": "CVE-2021-25381",
      "lastModified": "2024-11-21T05:54:52.800",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"mobile.security@samsung.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 4.6, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2021-04-09T18:15:15.943",
      "references": "[{\"url\": \"https://security.samsungmobile.com/\", \"source\": \"mobile.security@samsung.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://security.samsungmobile.com/serviceWeb.smsb\", \"source\": \"mobile.security@samsung.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://security.samsungmobile.com/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://security.samsungmobile.com/serviceWeb.smsb\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "mobile.security@samsung.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"mobile.security@samsung.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-285\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-276\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-25381\",\"sourceIdentifier\":\"mobile.security@samsung.com\",\"published\":\"2021-04-09T18:15:15.943\",\"lastModified\":\"2024-11-21T05:54:52.800\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in Android P(9.0) and below, and 12.1.1.3 in Android Q(10.0) and above allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.\"},{\"lang\":\"es\",\"value\":\"Al usar un PendingIntent no seguro en Samsung Account en versiones 10.8.0.4 en Android P(9.0) y por debajo, y versiones 12.1.1.3 en Android Q(10.0) y por encima, permite a atacantes locales llevar a cabo acciones no autorizadas sin permiso por medio del secuestro del PendingIntent\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"mobile.security@samsung.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"mobile.security@samsung.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-285\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-276\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samsung:account:10.8.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E8F33D6-493C-4A77-B032-C01C0B1370A1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0721FD34-5F94-4828-A8AA-EF70FAB71FC8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73CA4D29-321A-41ED-A75A-1EBB14A771C6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C354829-6BEB-4C67-972A-60367073753C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"702B40EB-76BC-4686-A46E-D02DBE3A86E7\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4685EA90-1E01-4FFB-AE31-91FD5D69E2D8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"938DC86D-C783-4EFA-9AB6-3ADC8CD7BB41\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A33DBF65-09A6-4149-BABE-2FFFBF10C31D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"78B69434-13B2-4A43-AEB0-55E0ED403E54\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:2.2:rev1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1755B91-1B6B-4A9E-BB6B-22B399A6DD02\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:2.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A92E88F-CCED-41D7-AFB7-CE1F9265E546\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:2.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D13D3A00-27A0-4635-9D50-05CA81950691\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:2.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EB959DB-AFE7-4667-9662-949ADAB81CE3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18669EEC-ABB9-4CE4-8C0E-A88BE08EC368\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:2.3:rev1:*:*:*:*:*:*\",\"matchCriteriaId\":\"61D64B87-F1F1-4E52-86AE-F28E2C43A9A8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:2.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83AB2497-59DE-4253-A758-A3D03FAEB913\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:2.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E197EC0-82DF-49D5-BD1A-7EA22EC0B806\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:2.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"286EED24-E011-4009-BC2E-B63CA06072CE\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:2.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D634E2E3-4E8A-4C88-A6BF-DBE7439EB3B0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:2.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77E6F4DF-F80F-4A9B-871E-155C0D3DD449\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:2.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CC08431-C70E-4964-B7C0-C9C45F70DCD2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:2.3.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A2A79C6-A7BD-46C2-8320-B9652135F3BC\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6997F035-D2F5-4174-B979-5D42FF69D9AC\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1FD2E59-59BF-4611-B65B-A2981127CAC0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86BFE05E-9749-43AA-8DB6-E2F13C2E1759\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:3.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48DCE4AD-D629-4F0B-AFA8-6CAD061D5FA6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:3.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DAAB25F-26E4-4493-B3DA-F87240633031\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:3.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96CD6B49-B9D4-493E-902D-B4EF48260BB0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:3.2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB73EBA4-A9BE-4C40-9E6D-649E89D2C3F2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A39C31E3-75C0-4E92-A6B5-7D67B22E3449\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB318EA4-2908-4B91-8DBB-20008FDF528A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F4E46A9-B652-47CE-92E8-01021E57724B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB9B53C6-AE84-4A45-B83E-8E5CE44F7B93\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36DD8E3F-6308-4680-B932-4CBD8E58A7FB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DA9F0F7-D592-481E-884C-B1A94E702825\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:4.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1BBFD29-6A53-4B1E-9611-680442CD04EB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CD857E7-B878-49F9-BDDA-93DDEBB0B42B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBDABB6C-FFF9-4E79-9EF1-BDC0BBDEA9F1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A47AB858-36DE-4330-8CAC-1B46C5C8DA80\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49413FF7-7910-4F74-B106-C3170612CB2A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2467F65-A3B7-4E45-A9A5-E5A6EFD99D7B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8882E50-7C49-4A99-91F2-DF979CF8BB2F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98C32982-095C-4628-9958-118A3D3A9CAA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FC0FCEA-0B3D-43C1-AB62-4F9C880B4CA1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC75ED04-B8C7-4CC0-AC64-AE2D9E0CDF5D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC13D3EE-CC89-4883-8E3D-3FE25FB8CF42\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3CEEA22-63B4-4702-A400-01349DF0EC1E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C4E6353-B77A-464F-B7DE-932704003B33\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77125688-2CCA-4990-ABB2-551D47CB0CDD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9915371-C730-41F7-B86E-7E4DE0DF5385\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7A8EC00-266C-409B-AD43-18E8DFCD6FE3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B846C63A-7261-481E-B4A4-0D8C79E0D8A7\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1D94CDD-DE7B-444E-A3AE-AE9C9A779374\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E70C6D8D-C9C3-4D92-8DFC-71F59E068295\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"691FA41B-C2CE-413F-ABB1-0B22CB322807\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09E6085C-A61E-4A89-BF80-EDD9A7DF1E47\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:7.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC30B2A2-9674-4052-B402-20348E50F9E8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D835D592-2423-44C6-804A-3AD010112E7C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"568E2561-A068-46A2-B331-BBA91FC96F0C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B578E383-0D77-4AC7-9C81-3F0B8C18E033\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B06BE74B-83F4-41A3-8AD3-2E6248F7B0B2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DFAAD08-36DA-4C95-8200-C29FE5B6B854\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samsung:account:12.1.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56CA14C5-60F5-46BE-9401-1824CCF95043\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D558D965-FA70-4822-A770-419E73BA9ED3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"109DD7FD-3A48-4C3D-8E1A-4433B98E1E64\"}]}]}],\"references\":[{\"url\":\"https://security.samsungmobile.com/\",\"source\":\"mobile.security@samsung.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.samsungmobile.com/serviceWeb.smsb\",\"source\":\"mobile.security@samsung.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.samsungmobile.com/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.samsungmobile.com/serviceWeb.smsb\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.