CVE-2021-25527

Improper export of Android application components vulnerability in Samsung Pay (India only) prior to version 4.1.77 allows attacker to access Bill Pay and Recharge menu without authentication.

CVSS v3 3.8 LOW
CVSS v2.0 2.1 LOW

3.8^/10

CVSS v3 : LOW

Vector :

Exploitability : 2.0 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=12	Vendor Advisory
https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=12	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:samsung:pay:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:55

Type	Values Removed	Values Added
References	~~() https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=12 - Vendor Advisory~~	() https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=12 - Vendor Advisory
CVSS	v2 : ~~2.1~~ v3 : ~~3.3~~	v2 : 2.1 v3 : 3.8

26 Jun 2023, 19:05

Type	Values Removed	Values Added
CWE	~~NVD-CWE-noinfo~~	NVD-CWE-Other

Information

Published : 2021-12-08 15:15

Updated : 2024-11-21 05:55

NVD link : CVE-2021-25527

Mitre link : CVE-2021-25527

CVE.ORG link : CVE-2021-25527

JSON object : View

Products Affected

samsung

pay

CWE

CWE-926

Improper Export of Android Application Components

NVD-CWE-Other

{"id": "CVE-2021-25527", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "mobile.security@samsung.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 3.8, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.0}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2021-12-08T15:15:08.963", "references": [{"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=12", "tags": ["Vendor Advisory"], "source": "mobile.security@samsung.com"}, {"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=12", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "mobile.security@samsung.com", "description": [{"lang": "en", "value": "CWE-926"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Improper export of Android application components vulnerability in Samsung Pay (India only) prior to version 4.1.77 allows attacker to access Bill Pay and Recharge menu without authentication."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de exportaci\u00f3n inapropiada de componentes de aplicaciones Android en Samsung Pay (s\u00f3lo en la India) versiones anteriores a 4.1.77, que permite a un atacante acceder al men\u00fa Bill Pay y Recharge sin autenticaci\u00f3n"}], "lastModified": "2024-11-21T05:55:10.707", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samsung:pay:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCEFD590-985D-4B75-B61B-416D46219E14", "versionEndExcluding": "4.1.77"}], "operator": "OR"}]}], "sourceIdentifier": "mobile.security@samsung.com"}