Samsung Account App
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-0864 | Hig | 0.52 | 8.0 | 0.00 | Mar 27, 2017 | Samsung Account (AKA com.osp.app.signin) before 1.6.0069 and 2.x before 2.1.0069 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary code. | ||
| CVE-2015-0863 | Hig | 0.52 | 8.0 | 0.00 | Mar 27, 2017 | GALAXY Apps (aka Samsung Apps, Samsung Updates, or com.sec.android.app.samsungapps) before 14120405.03.012 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary code. | ||
| CVE-2026-20994 | Med | 0.45 | — | 0.00 | Mar 16, 2026 | URL redirection in Samsung Account prior to version 15.5.01.1 allows local attackers to potentially get access token. | ||
| CVE-2025-58487 | 0.00 | — | 0.00 | Dec 2, 2025 | Improper authorization in Samsung Account prior to version 15.5.01.1 allows local attacker to launch arbitrary activity with Samsung Account privilege. | |||
| CVE-2025-21076 | 0.00 | — | 0.00 | Nov 5, 2025 | Improper handling of insufficient permissions or privileges in Samsung Account prior to version 15.5.00.18 allows local attackers to access data in Samsung Account. User interaction is required for triggering this vulnerability. | |||
| CVE-2025-21010 | 0.00 | — | 0.00 | Aug 6, 2025 | Improper privilege management in SamsungAccount prior to SMR Aug-2025 Release 1 allows local privileged attackers to deactivate Samsung account. | |||
| CVE-2025-20998 | 0.00 | — | 0.00 | Jul 8, 2025 | Improper access control in SamsungAccount for Galaxy Watch prior to SMR Jul-2025 Release 1 allows local attackers to access phone number. |
- risk 0.52cvss 8.0epss 0.00
Samsung Account (AKA com.osp.app.signin) before 1.6.0069 and 2.x before 2.1.0069 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary code.
- risk 0.52cvss 8.0epss 0.00
GALAXY Apps (aka Samsung Apps, Samsung Updates, or com.sec.android.app.samsungapps) before 14120405.03.012 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary code.
- risk 0.45cvss —epss 0.00
URL redirection in Samsung Account prior to version 15.5.01.1 allows local attackers to potentially get access token.
- CVE-2025-58487Dec 2, 2025risk 0.00cvss —epss 0.00
Improper authorization in Samsung Account prior to version 15.5.01.1 allows local attacker to launch arbitrary activity with Samsung Account privilege.
- CVE-2025-21076Nov 5, 2025risk 0.00cvss —epss 0.00
Improper handling of insufficient permissions or privileges in Samsung Account prior to version 15.5.00.18 allows local attackers to access data in Samsung Account. User interaction is required for triggering this vulnerability.
- CVE-2025-21010Aug 6, 2025risk 0.00cvss —epss 0.00
Improper privilege management in SamsungAccount prior to SMR Aug-2025 Release 1 allows local privileged attackers to deactivate Samsung account.
- CVE-2025-20998Jul 8, 2025risk 0.00cvss —epss 0.00
Improper access control in SamsungAccount for Galaxy Watch prior to SMR Jul-2025 Release 1 allows local attackers to access phone number.