Vulnerabilities > CVE-2021-25521 - Files or Directories Accessible to External Parties vulnerability in Samsung Internet

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

samsung

CWE-552

NVD

Published: 2021-12-08

Updated: 2021-12-13

Summary

Insecure caller check in sharevia deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to get current tab URL in Samsung Internet.

Vulnerable Configurations

Part	Description	Count
Application	Samsung Samsung Internet - Samsung Internet 13.2.1.46 Samsung Internet 13.2.1.70 Samsung Internet 14.0.1.20 Samsung Internet 14.0.1.62	5

Common Weakness Enumeration (CWE)

CWE-552 - Files or Directories Accessible to External Parties

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=12