Samsung Pass vulnerabilities

10 known vulnerabilities affecting samsung/pass.

Total CVEs
10
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM9

Vulnerabilities

Page 1 of 1
CVE-2024-49405MEDIUMCVSS 4.6fixed in 4.4.04.72024-11-06
CVE-2024-49405 [MEDIUM] CVE-2024-49405: Improper authentication in Private Info in Samsung Pass in prior to version 4.4.04.7 allows physical Improper authentication in Private Info in Samsung Pass in prior to version 4.4.04.7 allows physical attackers to access sensitive information in a specific scenario.
nvd
CVE-2023-42576MEDIUMCVSS 6.8fixed in 4.3.00.172023-12-05
CVE-2023-42576 [MEDIUM] CWE-287 CVE-2023-42576: Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical att Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid exception handler.
nvd
CVE-2023-42575MEDIUMCVSS 6.8fixed in 4.3.00.172023-12-05
CVE-2023-42575 [MEDIUM] CWE-863 CVE-2023-42575: Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical att Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid flag setting.
nvd
CVE-2023-42554MEDIUMCVSS 6.8fixed in 4.3.00.172023-11-07
CVE-2023-42554 [MEDIUM] CWE-287 CVE-2023-42554: Improper Authentication vulnerabiity in Samsung Pass prior to version 4.3.00.17 allows physical atta Improper Authentication vulnerabiity in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication.
nvd
CVE-2023-30677MEDIUMCVSS 4.6fixed in 4.2.03.12023-07-06
CVE-2023-30677 [MEDIUM] CVE-2023-30677: Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical atta Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical attackers to access data of Samsung Pass on a certain state of an unlocked device.
nvd
CVE-2023-30676MEDIUMCVSS 4.6fixed in 4.2.03.12023-07-06
CVE-2023-30676 [MEDIUM] CVE-2023-30676: Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical atta Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical attackers to access data of Samsung Pass.
nvd
CVE-2023-30675MEDIUMCVSS 5.5fixed in 4.2.03.12023-07-06
CVE-2023-30675 [MEDIUM] CWE-287 CVE-2023-30675: Improper authentication in Samsung Pass prior to version 4.2.03.1 allows local attacker to access st Improper authentication in Samsung Pass prior to version 4.2.03.1 allows local attacker to access stored account information when Samsung Wallet is not installed.
nvd
CVE-2022-39910MEDIUMCVSS 4.2fixed in 4.0.06.72022-12-08
CVE-2022-39910 [LOW] CWE-284 CVE-2022-39910: Improper access control vulnerability in Samsung Pass prior to version 4.0.06.7 allow physical attac Improper access control vulnerability in Samsung Pass prior to version 4.0.06.7 allow physical attackers to access data of Samsung Pass on a certain state of an unlocked device using pop-up view.
nvd
CVE-2022-39911MEDIUMCVSS 6.8fixed in 4.0.06.12022-12-08
CVE-2022-39911 [MEDIUM] CWE-703 CVE-2022-39911: Improper check or handling of exceptional conditions vulnerability in Samsung Pass prior to version Improper check or handling of exceptional conditions vulnerability in Samsung Pass prior to version 4.0.06.1 allows attacker to access Samsung Pass.
nvd
CVE-2022-39892CRITICALCVSS 9.8fixed in 4.0.05.12022-11-09
CVE-2022-39892 [LOW] CWE-287 CVE-2022-39892: Improper access control in Samsung Pass prior to version 4.0.05.1 allows attackers to unauthenticate Improper access control in Samsung Pass prior to version 4.0.05.1 allows attackers to unauthenticated access via keep open feature.
nvd