CVE-2022-36876Improper Authorization in Mobile Samsung Pass

CWE-285Improper AuthorizationCWE-863Incorrect Authorization3 documents3 sources
Severity
2.4LOWNVD
CNA1.8
EPSS
0.1%
top 76.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Samsung Mobile Samsung PassSamsung Pass
Timeline
PublishedSep 9
Latest updateSep 10

Description

Improper authorization in UPI payment in Samsung Pass prior to version 4.0.04.10 allows physical attackers to access account list without authentication.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 0.9 | Impact: 1.4

Affected Packages2 packages

NVDsamsung/samsung_pass< 4.0.04.10
CVEListV5samsung_mobile/samsung_passunspecified4.0.04.10

🔴Vulnerability Details

2
GHSA
GHSA-7xcr-6p4f-q66v: Improper authorization in UPI payment in Samsung Pass prior to version 42022-09-10
CVEList
CVE-2022-36876: Improper authorization in UPI payment in Samsung Pass prior to version 42022-09-09
CVE-2022-36876 — Improper Authorization | cvebase