How severe is CVE-2021-4438?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2021-4438?

This is classified as CWE-926, which is a common weakness in software security.

CVE-2021-4438 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

A vulnerability, which was classified as critical, has been found in kyivstarteam react-native-sms-user-consent up to 1.1.4 on Android. Affected by this issue is the function registerReceiver of the file android/src/main/java/ua/kyivstar/reactnativesmsuserconsent/SmsUserConsentModule.kt. The manipulation leads to improper export of android application components. Attacking locally is a requirement. Upgrading to version 1.1.5 is able to address this issue. The name of the patch is 5423dcb0cd3e4d573b5520a71fa08aa279e4c3c7. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-259508.

Related Vulnerabilities

CVE-2021-25397

MEDIUM

CVSS:5.5(Medium)

An improper access control vulnerability in TelephonyUI prior to SMR MAY-2021 Release 1 allows local attackers to write arbitrary files of telephony process via untrusted applications.

CWE-9262021

CVE-2021-25526

MEDIUM

CVSS:5.5(Medium)

Intent redirection vulnerability in Samsung Blockchain Wallet prior to version 1.3.02.8 allows attacker to execute privileged action.

CWE-9262021

CVE-2023-20962

MEDIUM

CVSS:5.5(Medium)

In getSliceEndItem of MediaVolumePreferenceController.java, there is a possible way to start foreground activity from the background due to an unsafe PendingIntent. This could lead to local informatio...

CWE-9262023

CVE-2023-41827

MEDIUM

CVSS:5.1(Medium)

An improper export vulnerability was reported in the Motorola OTA update application, that could allow a malicious, local application to inject an HTML-based message on screen UI.

CWE-9262023

CVE-2025-20934

MEDIUM

CVSS:5.5(Medium)

Improper access control in Sticker Center prior to SMR Apr-2025 Release 1 allows local attackers to access image files with system privilege.

CWE-9262025

CVE-2023-41816

MEDIUM

CVSS:5.0(Medium)

An improper export vulnerability was reported in the Motorola Services Main application that could allow a local attacker to write to a local database.

CWE-9262023