Health
CVE-2021-25506
MEDIUM
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
Non-existent provider in Samsung Health prior to 6.19.1.0001 allows attacker to access it via malicious content provider or lead to denial of service.
AnalysisAI
Non-existent provider in Samsung Health prior to 6.19.1.0001 allows attacker to access it via malicious content provider or lead to denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. Non-existent provider in Samsung Health prior to 6.19.1.0001 allows attacker to access it via malicious content provider or lead to denial of service. Affected products include: Samsung Health. Version information: prior to 6.19.1.0001.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.
Improper input validation vulnerability in Samsung Health prior to version 6.24.2.011 allows attackers to write arbitrar
Intent redirection vulnerability in Samsung Health prior to version 6.16 allows attacker to execute privileged action. R
Improper authorization in Samsung Health prior to version 6.30.1.003 allows local attackers to access data in Samsung He
PendingIntent hijacking vulnerability in ChallengeNotificationManager in Samsung Health prior to version 6.25 allows loc
Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers to access sensitive
Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers to access sensitive
Improper check vulnerability in Samsung Health prior to version 6.17 allows attacker to read internal cache data via exp
Improper input validation in Samsung Health prior to version 6.27.0.113 allows local attackers to write arbitrary docume
Same weakness CWE-287 – Improper Authentication
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today