Vulnerabilities > CVE-2021-25432 - Exposure of Resource to Wrong Sphere vulnerability in Samsung Members

CVSS 3.3 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

local

low complexity

samsung

CWE-668

NVD

Published: 2021-07-08

Updated: 2021-07-12

Summary

Information exposure vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to access chat data.

Vulnerable Configurations

Part	Description	Count
Application	Samsung Samsung Samsung Members 1.2.16 Samsung Samsung Members 1.7.07 Samsung Samsung Members 1.8.09 Samsung Samsung Members 1.8.12 Samsung Samsung Members 1.8.21 Samsung Samsung Members 1.8.27 Samsung Samsung Members 1.8.30 Samsung Samsung Members 1.8.66 Samsung Samsung Members 1.8.67 Samsung Samsung Members 1.8.74 Samsung Samsung Members 2.0.51 Samsung Samsung Members 2.0.56 Samsung Samsung Members 2.0.57 Samsung Samsung Members 2.0.63 Samsung Samsung Members 2.0.64 Samsung Samsung Members 2.0.81 Samsung Samsung Members 2.0.89 Samsung Samsung Members 2.0.93 Samsung Samsung Members 2.0.97 Samsung Samsung Members 2.0.99 Samsung Samsung Members 2.2.05 Samsung Samsung Members 2.2.10 Samsung Samsung Members 2.4.00 Samsung Samsung Members 2.4.06 Samsung Samsung Members 2.4.07 Samsung Samsung Members 2.4.23 Samsung Samsung Members 2.4.25 Samsung Samsung Members 2.4.60.3 Samsung Samsung Members 2.4.60.5 Samsung Samsung Members 2.4.61.2 Samsung Samsung Members 2.4.62.7 Samsung Samsung Members 2.4.70.6 Samsung Samsung Members 2.4.70.11 Samsung Samsung Members 3.9.10.11	34
OS	Google Google Android *	1

Common Weakness Enumeration (CWE)

CWE-668 - Exposure of Resource to Wrong Sphere

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7