2021-01-19 23:03:38 +00:00
{
"CVE_data_meta" : {
2021-07-08 14:00:50 +00:00
"ASSIGNER" : "mobile.security@samsung.com" ,
2021-01-19 23:03:38 +00:00
"ID" : "CVE-2021-25438" ,
2021-07-08 14:00:50 +00:00
"STATE" : "PUBLIC"
2021-01-19 23:03:38 +00:00
} ,
2021-07-08 14:00:50 +00:00
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Samsung Members" ,
"version" : {
"version_data" : [
{
"version_affected" : "<" ,
"version_name" : "-" ,
"version_value" : "2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above"
}
]
}
}
]
} ,
"vendor_name" : "Samsung Mobile"
}
]
}
} ,
"data_format" : "MITRE" ,
"data_type" : "CVE" ,
"data_version" : "4.0" ,
2021-01-19 23:03:38 +00:00
"description" : {
"description_data" : [
{
"lang" : "eng" ,
2021-07-08 14:00:50 +00:00
"value" : "Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause local file inclusion in webview."
2021-01-19 23:03:38 +00:00
}
]
2021-07-08 14:00:50 +00:00
} ,
"impact" : {
"cvss" : {
"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
}
} ,
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng" ,
"value" : "CWE-284 Improper Access Control"
}
]
}
]
} ,
"references" : {
"reference_data" : [
{
"refsource" : "MISC" ,
"url" : "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7" ,
"name" : "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7"
}
]
} ,
"source" : {
"discovery" : "UNKNOWN"
2021-01-19 23:03:38 +00:00
}
}
