CVE-2021-25333

CWE-200Information Exposure3 documents3 sources
Severity
2.4LOW
EPSS
0.1%
top 80.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Samsung Mobile Samsung PAY MiniSamsung PAY Mini
Timeline
PublishedMar 4
Latest updateMay 24

Description

Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen via scanning specific QR code.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:LExploitability: 0.7 | Impact: 2.5

Affected Packages2 packages

NVDsamsung/pay_mini< 4.0.14
CVEListV5samsung_mobile/samsung_pay_miniunspecified4.0.14

🔴Vulnerability Details

2
GHSA
GHSA-2wcq-89pp-jvvv: Improper access control in Samsung Pay mini application prior to v42022-05-24
CVEList
CVE-2021-25333: Improper access control in Samsung Pay mini application prior to v42021-03-04
CVE-2021-25333 (LOW CVSS 2.4) | Improper access control in Samsung | cvebase.io