CVE-2021-25343

Severity CVSS v4.0:
Pending analysis
Type:
CWE-287 Authentication Issues
Publication date:
04/03/2021
Last modified:
11/03/2021

Description

Calling of non-existent provider in Samsung Members prior to version 2.4.81.13 (in Android O(8.1) and below) and 3.8.00.13 (in Android P(9.0) and above) allows unauthorized actions including denial of service attack by hijacking the provider.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:samsung:members:*:*:*:*:*:*:*:* 2.4.81.13 (excluding)
cpe:2.3:o:google:android:1.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:1.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:1.5:*:*:*:*:*:*:*
cpe:2.3:o:google:android:1.6:*:*:*:*:*:*:*
cpe:2.3:o:google:android:2.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:2.0.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:2.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:2.2:*:*:*:*:*:*:*
cpe:2.3:o:google:android:2.2:rev1:*:*:*:*:*:*
cpe:2.3:o:google:android:2.2.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:2.2.2:*:*:*:*:*:*:*
cpe:2.3:o:google:android:2.2.3:*:*:*:*:*:*:*
cpe:2.3:o:google:android:2.3:*:*:*:*:*:*:*
cpe:2.3:o:google:android:2.3:rev1:*:*:*:*:*:*