CVE-2021-25438

2021-07-0813:47:18

CWE-284

Samsung Mobile

www.cve.org

samsung members

access control

local file inclusion

android o

android p

vulnerability

AI Score

7.5

Confidence

High

EPSS

Percentile

5.1%

JSON

Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause local file inclusion in webview.

CNA Affected

[
  {
    "product": "Samsung Members",
    "vendor": "Samsung Mobile",
    "versions": [
      {
        "lessThan": "2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above",
        "status": "affected",
        "version": "-",
        "versionType": "custom"
      }
    ]
  }
]

References

security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7