Description
Using predictable index for attachments in Samsung Email prior to version 6.1.41.0 allows remote attackers to get attachments of another emails when users open the malicious attachment.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://security.samsungmobile.com/
Vendor Advisory x_refsource_confirm
https://security.samsungmobile.com/serviceWeb.smsb
Scores
CVSS v3
6.5
EPSS
0.0120
EPSS Percentile
64.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-330
CWE-200
Status
published
Products (1)
samsung/email
< 6.1.14.0
Published
Apr 09, 2021
Tracked Since
Feb 18, 2026