Description

Intent redirection vulnerability in Samsung Account prior to version 10.8.0.4 in Android P(9.0) and below, and 12.2.0.9 in Android Q(10.0) and above allows attacker to access contacts and file provider using SettingWebView component.

Related CPE's

a

samsung

account

2

o

google

android

2

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=5

Vendor Advisory

https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=5

Vendor Advisory

Weaknesses

[email protected]

Secondary
CWE-200

[email protected]

Primary
NVD-CWE-Other

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

3.3 · Low

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-06-11T13:15:09.653Z

4 years ago

Last modified

2024-11-21T04:54:55.370Z

1 year ago