Samsung Account App
CVEs (33)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-0864 | Hig | 0.52 | 8.0 | 0.01 | Mar 27, 2017 | Samsung Account (AKA com.osp.app.signin) before 1.6.0069 and 2.x before 2.1.0069 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary code. | ||
| CVE-2015-0863 | Hig | 0.52 | 8.0 | 0.01 | Mar 27, 2017 | GALAXY Apps (aka Samsung Apps, Samsung Updates, or com.sec.android.app.samsungapps) before 14120405.03.012 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary code. | ||
| CVE-2026-20994 | Med | 0.40 | 6.1 | 0.00 | Mar 16, 2026 | URL redirection in Samsung Account prior to version 15.5.01.1 allows local attackers to potentially get access token. | ||
| CVE-2022-25825 | Med | 0.40 | 6.2 | 0.00 | Mar 10, 2022 | Improper access control vulnerability in Samsung Account prior to version 13.1.0.1 allows attackers to access to the authcode for sign-in. | ||
| CVE-2022-30735 | Med | 0.38 | 5.9 | 0.00 | Jun 7, 2022 | Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the access_token without permission. | ||
| CVE-2023-42551 | Med | 0.36 | 5.5 | 0.00 | Nov 7, 2023 | Use of implicit intent for sensitive communication vulnerability in startTncActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege. | ||
| CVE-2023-42550 | Med | 0.36 | 5.5 | 0.00 | Nov 7, 2023 | Use of implicit intent for sensitive communication vulnerability in startSignIn in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege. | ||
| CVE-2023-42549 | Med | 0.36 | 5.5 | 0.00 | Nov 7, 2023 | Use of implicit intent for sensitive communication vulnerability in startNameValidationActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege. | ||
| CVE-2023-42548 | Med | 0.36 | 5.5 | 0.00 | Nov 7, 2023 | Use of implicit intent for sensitive communication vulnerability in startMandatoryCheckActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege. | ||
| CVE-2023-42547 | Med | 0.36 | 5.5 | 0.00 | Nov 7, 2023 | Use of implicit intent for sensitive communication vulnerability in startEmailValidationActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege. | ||
| CVE-2023-42546 | Med | 0.36 | 5.5 | 0.00 | Nov 7, 2023 | Use of implicit intent for sensitive communication vulnerability in startAgreeToDisclaimerActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege. | ||
| CVE-2022-30732 | Med | 0.36 | 5.5 | 0.01 | Jun 7, 2022 | Exposure of Sensitive Information vulnerability in Samsung Account prior to version 13.2.00.6 allows attacker to access sensitive information via onActivityResult. | ||
| CVE-2021-25381 | Med | 0.36 | 5.5 | 0.00 | Apr 9, 2021 | Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in Android P(9.0) and below, and 12.1.1.3 in Android Q(10.0) and above allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. | ||
| CVE-2022-30743 | Med | 0.34 | 5.3 | 0.00 | Jun 7, 2022 | Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the data of contact and gallery without permission. | ||
| CVE-2022-30736 | Med | 0.34 | 5.3 | 0.00 | Jun 7, 2022 | Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the data of contact and gallery without permission. | ||
| CVE-2024-20841 | Med | 0.33 | 5.1 | 0.00 | Mar 5, 2024 | Improper Handling of Insufficient Privileges in Samsung Account prior to version 14.8.00.3 allows local attackers to access data. | ||
| CVE-2022-39875 | Med | 0.33 | 5.1 | 0.00 | Oct 7, 2022 | Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout. | ||
| CVE-2023-42540 | Med | 0.26 | 4.0 | 0.00 | Nov 7, 2023 | Improper access control vulnerability in Samsung Account prior to version 14.5.01.1 allows attackers to access sensitive information via implicit intent. | ||
| CVE-2022-39874 | Med | 0.26 | 4.0 | 0.00 | Oct 7, 2022 | Sensitive log information leakage vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout. | ||
| CVE-2022-30739 | Med | 0.26 | 4.0 | 0.00 | Jun 7, 2022 | Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get an user email or phone number with a normal level permission. |
- risk 0.52cvss 8.0epss 0.01
Samsung Account (AKA com.osp.app.signin) before 1.6.0069 and 2.x before 2.1.0069 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary code.
- risk 0.52cvss 8.0epss 0.01
GALAXY Apps (aka Samsung Apps, Samsung Updates, or com.sec.android.app.samsungapps) before 14120405.03.012 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary code.
- risk 0.40cvss 6.1epss 0.00
URL redirection in Samsung Account prior to version 15.5.01.1 allows local attackers to potentially get access token.
- risk 0.40cvss 6.2epss 0.00
Improper access control vulnerability in Samsung Account prior to version 13.1.0.1 allows attackers to access to the authcode for sign-in.
- risk 0.38cvss 5.9epss 0.00
Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the access_token without permission.
- risk 0.36cvss 5.5epss 0.00
Use of implicit intent for sensitive communication vulnerability in startTncActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.
- risk 0.36cvss 5.5epss 0.00
Use of implicit intent for sensitive communication vulnerability in startSignIn in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.
- risk 0.36cvss 5.5epss 0.00
Use of implicit intent for sensitive communication vulnerability in startNameValidationActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.
- risk 0.36cvss 5.5epss 0.00
Use of implicit intent for sensitive communication vulnerability in startMandatoryCheckActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.
- risk 0.36cvss 5.5epss 0.00
Use of implicit intent for sensitive communication vulnerability in startEmailValidationActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.
- risk 0.36cvss 5.5epss 0.00
Use of implicit intent for sensitive communication vulnerability in startAgreeToDisclaimerActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.
- risk 0.36cvss 5.5epss 0.01
Exposure of Sensitive Information vulnerability in Samsung Account prior to version 13.2.00.6 allows attacker to access sensitive information via onActivityResult.
- risk 0.36cvss 5.5epss 0.00
Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in Android P(9.0) and below, and 12.1.1.3 in Android Q(10.0) and above allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.
- risk 0.34cvss 5.3epss 0.00
Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the data of contact and gallery without permission.
- risk 0.34cvss 5.3epss 0.00
Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the data of contact and gallery without permission.
- risk 0.33cvss 5.1epss 0.00
Improper Handling of Insufficient Privileges in Samsung Account prior to version 14.8.00.3 allows local attackers to access data.
- risk 0.33cvss 5.1epss 0.00
Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout.
- risk 0.26cvss 4.0epss 0.00
Improper access control vulnerability in Samsung Account prior to version 14.5.01.1 allows attackers to access sensitive information via implicit intent.
- risk 0.26cvss 4.0epss 0.00
Sensitive log information leakage vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout.
- risk 0.26cvss 4.0epss 0.00
Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get an user email or phone number with a normal level permission.
Page 1 of 2