Contacts
CVE-2021-25524
LOW
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
Insecure storage of device information in Contacts prior to version 12.7.05.24 allows attacker to get Samsung Account ID.
AnalysisAI
Insecure storage of device information in Contacts prior to version 12.7.05.24 allows attacker to get Samsung Account ID. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-922. Insecure storage of device information in Contacts prior to version 12.7.05.24 allows attacker to get Samsung Account ID. Affected products include: Samsung Contacts. Version information: version 12.7.05.24.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Nextcloud is an open-source, self-hosted productivity platform. Rated medium severity (CVSS 5.4), this vulnerability is
In Nextcloud Contacts before 2.1.2, a missing sanitization of search results for an autocomplete field could lead to a s
Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. Rated medi
A missing file type check in Nextcloud Contacts 3.2.0 allowed a malicious user to upload any file as avatars. Rated medi
Same weakness CWE-922 – Insecure Storage of Sensitive Information
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today