Skip to main content

Cloud CVE-2021-25368

HIGH
Improper Authentication (CWE-287)
2021-03-25 mobile.security@samsung.com
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Mar 25, 2021 - 17:15 nvd
HIGH 7.5

DescriptionNVD

Hijacking vulnerability in Samsung Cloud prior to version 4.7.0.3 allows attackers to intercept when the provider is executed.

AnalysisAI

Hijacking vulnerability in Samsung Cloud prior to version 4.7.0.3 allows attackers to intercept when the provider is executed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. Hijacking vulnerability in Samsung Cloud prior to version 4.7.0.3 allows attackers to intercept when the provider is executed. Affected products include: Samsung Cloud. Version information: version 4.7.0.3.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.

More in Cloud

View all
CVE-2023-46214 HIGH POC
8.8 Nov 16

In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet la

CVE-2018-14417 CRITICAL POC
9.8 Aug 04

A command injection vulnerability was found in the web administration console in SoftNAS Cloud before 4.0.3. Rated criti

CVE-2023-22951 HIGH POC
8.8 Apr 13

An issue was discovered in TigerGraph Enterprise Free Edition 3.x. Rated high severity (CVSS 8.8), this vulnerability is

CVE-2014-3476 MEDIUM POC
6.0 Jun 17

OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle c

CVE-2020-15506 CRITICAL
9.8 Jul 07

An authentication bypass vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1,

CVE-2019-9945 CRITICAL
9.8 Mar 23

SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. Rated critical severity (CVSS 9.8), this vulnerability is

CVE-2025-11919 CRITICAL
9.6 Jun 26

Code execution against the shared multi-tenant Java runtime in Wolfram Cloud 14.2 is possible because the default JVM re

CVE-2023-22949 MEDIUM POC
4.9 Apr 14

An issue was discovered in TigerGraph Enterprise Free Edition 3.x. Rated medium severity (CVSS 4.9), this vulnerability

CVE-2013-4365 HIGH
7.5 Oct 17

Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3

CVE-2023-32764 HIGH
7.8 Aug 03

Fabasoft Cloud Enterprise Client 23.3.0.130 allows a user to escalate their privileges to local administrator. Rated hig

CVE-2024-36982 HIGH
7.5 Jul 01

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9

CVE-2023-42578 HIGH
7.5 Dec 05

Improper handling of insufficient permissions or privileges vulnerability in Samsung Data Store prior to version 5.2.00.

Share

CVE-2021-25368 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy