Sign-up

ID

VAR-202111-0048


CVE

CVE-2021-25507


TITLE

Samsung Flow mobile  Vulnerabilities in applications

Trust: 0.8

sources: JVNDB: JVNDB-2021-014727

DESCRIPTION

Improper authorization vulnerability in Samsung Flow mobile application prior to 4.8.03.5 allows Samsung Flow PC application connected with user device to access part of notification data in Secure Folder without authorization. Samsung Flow mobile An unspecified vulnerability exists in the application.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2021-25507 // JVNDB: JVNDB-2021-014727

AFFECTED PRODUCTS

vendor:samsungmodel:flowscope:ltversion:4.8.03.5

Trust: 1.0

vendor:サムスンmodel:samsung flowscope:eqversion:4.8.03.5

Trust: 0.8

vendor:サムスンmodel:samsung flowscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-014727 // NVD: CVE-2021-25507

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2021-25507
value: MEDIUM

Trust: 1.8

mobile.security@samsung.com: CVE-2021-25507
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202111-481
value: MEDIUM

Trust: 0.6

NVD:
severity: LOW
baseScore: 2.7
vectorString: AV:A/AC:L/AU:S/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 5.1
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2021-25507
severity: LOW
baseScore: 2.7
vectorString: AV:A/AC:L/AU:S/C:P/I:N/A:N
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

NVD:
baseSeverity: MEDIUM
baseScore: 5.7
vectorString: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT_NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.1
impactScore: 3.6
version: 3.1

Trust: 2.0

OTHER: JVNDB-2021-014727
baseSeverity: MEDIUM
baseScore: 5.7
vectorString: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2021-014727 // NVD: CVE-2021-25507 // NVD: CVE-2021-25507 // CNNVD: CNNVD-202111-481

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-014727 // NVD: CVE-2021-25507

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202111-481

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202111-481

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2021-25507

PATCH
title:Security Updates (NOV-2021 Updates)url:https://security.samsungmobile.com/serviceweb.smsb?year=2021&month=11
Trust: 0.8
title:Samsung Flow Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=169069
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2021-014727 // 
            
            
            
            CNNVD: CNNVD-202111-481

EXTERNAL IDS
db:NVDid:CVE-2021-25507
Trust: 3.2
db:JVNDBid:JVNDB-2021-014727
Trust: 0.8
db:CNNVDid:CNNVD-202111-481
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2021-014727 // 
            
            
            
            NVD: CVE-2021-25507 // 
            
            
            
            CNNVD: CNNVD-202111-481

REFERENCES
url:https://security.samsungmobile.com/serviceweb.smsb?year=2021&month=11
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2021-25507
Trust: 1.4
sources:
            
            
            JVNDB: JVNDB-2021-014727 // 
            
            
            
            NVD: CVE-2021-25507 // 
            
            
            
            CNNVD: CNNVD-202111-481

SOURCES
db:JVNDBid:JVNDB-2021-014727
db:NVDid:CVE-2021-25507
db:CNNVDid:CNNVD-202111-481

LAST UPDATE DATE
2023-12-18T13:17:41.627000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2021-014727date:2022-10-26T04:53:00
db:NVDid:CVE-2021-25507date:2022-07-25T10:55:54.810
db:CNNVDid:CNNVD-202111-481date:2022-07-15T00:00:00

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2021-014727date:2022-10-26T00:00:00
db:NVDid:CVE-2021-25507date:2021-11-05T03:15:11.587
db:CNNVDid:CNNVD-202111-481date:2021-11-05T00:00:00