Samsung Account App
CVEs (33)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-30737 | | Med | 0.26 | 4.0 | 0.01 | | Jun 7, 2022 | Implicit Intent hijacking vulnerability in Samsung Account prior to version 13.2.00.6 allows attackers to get email ID. |
| CVE-2022-30734 | | Med | 0.26 | 4.0 | 0.01 | | Jun 7, 2022 | Sensitive information exposure in Sign-out log in Samsung Account prior to version 13.2.00.6 allows attackers to get a user email or phone number without permission. |
| CVE-2022-30733 | | Med | 0.26 | 4.0 | 0.01 | | Jun 7, 2022 | Sensitive information exposure in Sign-in log in Samsung Account prior to version 13.2.00.6 allows attackers to get a user email or phone number without permission. |
| CVE-2022-39863 | | Low | 0.23 | 3.6 | 0.00 | | Oct 7, 2022 | Intent redirection vulnerability in Samsung Account prior to version 13.5.01.3 allows attackers to access content providers without permission. |
| CVE-2023-42572 | | Low | 0.21 | 3.3 | 0.00 | | Dec 5, 2023 | Implicit intent hijacking vulnerability in Samsung Account Web SDK prior to version 1.5.24 allows attacker to get sensitive information. |
| CVE-2021-25403 | | Low | 0.21 | 3.3 | 0.00 | | Jun 11, 2021 | Intent redirection vulnerability in Samsung Account prior to version 10.8.0.4 in Android P(9.0) and below, and 12.2.0.9 in Android Q(10.0) and above allows attacker to access contacts and file provider using SettingWebView component. |
| CVE-2021-25351 | | Low | 0.21 | 3.2 | 0.00 | | Mar 25, 2021 | Improper Access Control in EmailValidationView in Samsung Account prior to version 10.7.0.7 and 12.1.1.3 allows physically proximate attackers to log out user account on device without user password. |
| CVE-2021-25350 | | Low | 0.13 | 2.0 | 0.00 | | Mar 25, 2021 | Information Exposure vulnerability in Samsung Account prior to version 12.1.1.3 allows physically proximate attackers to access user information via log. |
| CVE-2025-58487 | | | 0.00 | — | 0.00 | | Dec 2, 2025 | Improper authorization in Samsung Account prior to version 15.5.01.1 allows local attacker to launch arbitrary activity with Samsung Account privilege. |
| CVE-2025-58486 | | | 0.00 | — | 0.00 | | Dec 2, 2025 | Improper input validation in Samsung Account prior to version 15.5.01.1 allows local attacker to execute arbitrary script. |
| CVE-2025-21076 | | | 0.00 | — | 0.00 | | Nov 5, 2025 | Improper handling of insufficient permissions or privileges in Samsung Account prior to version 15.5.00.18 allows local attackers to access data in Samsung Account. User interaction is required for triggering this vulnerability. |
| CVE-2023-21481 | | | 0.00 | — | 0.00 | | Sep 3, 2025 | Improper URL input validation vulnerability in Samsung Account application prior to version 14.1.0.0 allows remote attackers to get sensitive information. |
| CVE-2025-21010 | | | 0.00 | — | 0.00 | | Aug 6, 2025 | Improper privilege management in SamsungAccount prior to SMR Aug-2025 Release 1 allows local privileged attackers to deactivate Samsung account. |