Vulnerabilities > CVE-2021-25506 - Incorrect Authorization vulnerability in Samsung Health

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

samsung

CWE-863

NVD

Published: 2021-11-05

Updated: 2021-11-09

Summary

Non-existent provider in Samsung Health prior to 6.19.1.0001 allows attacker to access it via malicious content provider or lead to denial of service.

Vulnerable Configurations

Part	Description	Count
Application	Samsung Samsung Health *	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=11