Skip to main content

Account CVE-2021-25381

HIGH
Improper Authorization (CWE-285)
2021-04-09 mobile.security@samsung.com
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Apr 09, 2021 - 18:15 nvd
HIGH 7.8

DescriptionNVD

Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in Android P(9.0) and below, and 12.1.1.3 in Android Q(10.0) and above allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.

AnalysisAI

Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in Android P(9.0) and below, and 12.1.1.3 in Android Q(10.0) and above allows local attackers to perform unauthorized action without. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-285. Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in Android P(9.0) and below, and 12.1.1.3 in Android Q(10.0) and above allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. Affected products include: Samsung Account.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2026-21264 CRITICAL
9.3 Jan 22

Microsoft Account has a cross-site scripting vulnerability allowing unauthenticated attackers to execute scripts in the

CVE-2022-30735 HIGH
7.5 Jun 07

Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the access_tok

CVE-2022-30732 HIGH
7.5 Jun 07

Exposure of Sensitive Information vulnerability in Samsung Account prior to version 13.2.00.6 allows attacker to access

CVE-2023-42551 MEDIUM
6.5 Nov 07

Use of implicit intent for sensitive communication vulnerability in startTncActivity in Samsung Account prior to version

CVE-2023-42550 MEDIUM
6.5 Nov 07

Use of implicit intent for sensitive communication vulnerability in startSignIn in Samsung Account prior to version 14.5

CVE-2023-42549 MEDIUM
6.5 Nov 07

Use of implicit intent for sensitive communication vulnerability in startNameValidationActivity in Samsung Account prior

CVE-2023-42548 MEDIUM
6.5 Nov 07

Use of implicit intent for sensitive communication vulnerability in startMandatoryCheckActivity in Samsung Account prior

CVE-2023-42547 MEDIUM
6.5 Nov 07

Use of implicit intent for sensitive communication vulnerability in startEmailValidationActivity in Samsung Account prio

CVE-2023-42546 MEDIUM
6.5 Nov 07

Use of implicit intent for sensitive communication vulnerability in startAgreeToDisclaimerActivity in Samsung Account pr

CVE-2024-20841 MEDIUM
5.5 Mar 05

Improper Handling of Insufficient Privileges in Samsung Account prior to version 14.8.00.3 allows local attackers to acc

CVE-2023-42540 MEDIUM
5.5 Nov 07

Improper access control vulnerability in Samsung Account prior to version 14.5.01.1 allows attackers to access sensitive

CVE-2022-39874 MEDIUM
5.5 Oct 07

Sensitive log information leakage vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthori

Share

CVE-2021-25381 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy