CVE-2021-25527: Improper Export of Android Application Components in Mobile Samsung PAY

Severity
NVD: 3.3 LOW
CNA: 3.8
EPSS
0.1%
top 82.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Dec 8
Latest update: Dec 9

Description

Improper export of Android application components vulnerability in Samsung Pay (India only) prior to version 4.1.77 allows an attacker to access the Bill Pay and Recharge menu without authentication.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 1.8 | Impact: 1.4

Affected Packages (2 packages)

NVD: samsung/pay < 4.1.77
CVEListV5: samsung_mobile/samsung_pay-4.1.77

Vulnerability Details (2)

GHSA
GHSA-g7qh-99q7-56qv: Improper export of Android application components vulnerability in Samsung Pay (India only) prior to version 4 | 2021-12-09
CVEList
CVE-2021-25527: Improper export of Android application components vulnerability in Samsung Pay (India only) prior to version 4 | 2021-12-08