CVE-2021-25332

CWE-200Information Exposure3 documents3 sources
Severity
2.4LOW
EPSS
0.1%
top 78.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Samsung Mobile Samsung PAY MiniSamsung PAY Mini
Timeline
PublishedMar 4
Latest updateMay 24

Description

Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to contacts information over the lockscreen in specific condition.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:LExploitability: 0.7 | Impact: 2.5

Affected Packages2 packages

NVDsamsung/pay_mini< 4.0.14
CVEListV5samsung_mobile/samsung_pay_miniunspecified4.0.14

🔴Vulnerability Details

2
GHSA
GHSA-phv2-f2vc-9gf8: Improper access control in Samsung Pay mini application prior to v42022-05-24
CVEList
CVE-2021-25332: Improper access control in Samsung Pay mini application prior to v42021-03-04
CVE-2021-25332 (LOW CVSS 2.4) | Improper access control in Samsung | cvebase.io