CVE-2021-25439

2021-07-0813:47:58

CWE-284

Samsung Mobile

www.cve.org

samsung members

access control

untrusted applications

arbitrary webpage loading

webview

android o

android p

AI Score

4.4

Confidence

High

EPSS

Percentile

5.1%

JSON

Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause arbitrary webpage loading in webview.

CNA Affected

[
  {
    "product": "Samsung Members",
    "vendor": "Samsung Mobile",
    "versions": [
      {
        "lessThan": "2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above",
        "status": "affected",
        "version": "-",
        "versionType": "custom"
      }
    ]
  }
]

References

security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7