CVE-2022-36872

CWE-2853 documents3 sources

Severity

6.5MEDIUM

EPSS

0.1%

top 82.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samsung Mobile Samsung PAY Samsung Samsung PAY Samsung Samsung PAY KR

Timeline

PublishedSep 9

Latest updateSep 10

Description

Pending Intent hijacking vulnerability in SpayNotification in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:LExploitability: 1.8 | Impact: 2.7

Affected Packages3 packages

▶NVDsamsung/samsung_pay< 5.1.47

▶NVDsamsung/samsung_pay_kr< 5.0.63

▶CVEListV5samsung_mobile/samsung_payunspecified — 5.0.63 for KR and 5.1.47 for Global

🔴Vulnerability Details

GHSA

GHSA-w6mf-x3g4-2c26: Pending Intent hijacking vulnerability in SpayNotification in Samsung Pay prior to version 5↗2022-09-10

▶

CVEList

CVE-2022-36872: Pending Intent hijacking vulnerability in SpayNotification in Samsung Pay prior to version 5↗2022-09-09

▶