Lucene search

Samsung MobileCVELIST:CVE-2021-25353

HistoryMar 25, 2021 - 4:12 p.m.

CVE-2021-25353

2021-03-2516:12:16

CWE-285

Samsung Mobile

www.cve.org

galaxy themes

local attackers

private files

hijacking

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

Percentile

5.1%

JSON

Using empty PendingIntent in Galaxy Themes prior to version 5.2.00.1215 allows local attackers to read/write private file directories of Galaxy Themes application without permission via hijacking the PendingIntent.

CNA Affected

[
  {
    "product": "Galaxy Themes",
    "vendor": "Samsung Mobile",
    "versions": [
      {
        "lessThan": "5.2.00.1215",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

security.samsungmobile.com/

security.samsungmobile.com/serviceWeb.smsb

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2021-25353