Skip to main content

Account CVE-2021-25351

LOW
Improper Authorization (CWE-285)
2021-03-25 mobile.security@samsung.com
2.4
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
2.4 LOW
AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Mar 25, 2021 - 17:15 nvd
LOW 2.4

DescriptionNVD

Improper Access Control in EmailValidationView in Samsung Account prior to version 10.7.0.7 and 12.1.1.3 allows physically proximate attackers to log out user account on device without user password.

AnalysisAI

Improper Access Control in EmailValidationView in Samsung Account prior to version 10.7.0.7 and 12.1.1.3 allows physically proximate attackers to log out user account on device without user password. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-285. Improper Access Control in EmailValidationView in Samsung Account prior to version 10.7.0.7 and 12.1.1.3 allows physically proximate attackers to log out user account on device without user password. Affected products include: Samsung Account. Version information: version 10.7.0.7.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2026-21264 CRITICAL
9.3 Jan 22

Microsoft Account has a cross-site scripting vulnerability allowing unauthenticated attackers to execute scripts in the

CVE-2021-25381 HIGH
7.8 Apr 09

Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in Android P(9.0) and below, and 12.1.1.3 in Android

CVE-2022-30735 HIGH
7.5 Jun 07

Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the access_tok

CVE-2022-30732 HIGH
7.5 Jun 07

Exposure of Sensitive Information vulnerability in Samsung Account prior to version 13.2.00.6 allows attacker to access

CVE-2023-42551 MEDIUM
6.5 Nov 07

Use of implicit intent for sensitive communication vulnerability in startTncActivity in Samsung Account prior to version

CVE-2023-42550 MEDIUM
6.5 Nov 07

Use of implicit intent for sensitive communication vulnerability in startSignIn in Samsung Account prior to version 14.5

CVE-2023-42549 MEDIUM
6.5 Nov 07

Use of implicit intent for sensitive communication vulnerability in startNameValidationActivity in Samsung Account prior

CVE-2023-42548 MEDIUM
6.5 Nov 07

Use of implicit intent for sensitive communication vulnerability in startMandatoryCheckActivity in Samsung Account prior

CVE-2023-42547 MEDIUM
6.5 Nov 07

Use of implicit intent for sensitive communication vulnerability in startEmailValidationActivity in Samsung Account prio

CVE-2023-42546 MEDIUM
6.5 Nov 07

Use of implicit intent for sensitive communication vulnerability in startAgreeToDisclaimerActivity in Samsung Account pr

CVE-2024-20841 MEDIUM
5.5 Mar 05

Improper Handling of Insufficient Privileges in Samsung Account prior to version 14.8.00.3 allows local attackers to acc

CVE-2023-42540 MEDIUM
5.5 Nov 07

Improper access control vulnerability in Samsung Account prior to version 14.5.01.1 allows attackers to access sensitive

Share

CVE-2021-25351 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy