Cloud
CVE-2021-25368
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
Hijacking vulnerability in Samsung Cloud prior to version 4.7.0.3 allows attackers to intercept when the provider is executed.
AnalysisAI
Hijacking vulnerability in Samsung Cloud prior to version 4.7.0.3 allows attackers to intercept when the provider is executed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. Hijacking vulnerability in Samsung Cloud prior to version 4.7.0.3 allows attackers to intercept when the provider is executed. Affected products include: Samsung Cloud. Version information: version 4.7.0.3.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.
In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet la
A command injection vulnerability was found in the web administration console in SoftNAS Cloud before 4.0.3. Rated criti
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. Rated high severity (CVSS 8.8), this vulnerability is
OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle c
An authentication bypass vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1,
SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. Rated critical severity (CVSS 9.8), this vulnerability is
Code execution against the shared multi-tenant Java runtime in Wolfram Cloud 14.2 is possible because the default JVM re
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. Rated medium severity (CVSS 4.9), this vulnerability
Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3
Fabasoft Cloud Enterprise Client 23.3.0.130 allows a user to escalate their privileges to local administrator. Rated hig
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9
Improper handling of insufficient permissions or privileges vulnerability in Samsung Data Store prior to version 5.2.00.
Same weakness CWE-287 – Improper Authentication
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today