Samsung Pass vulnerabilities

CVE-2022-36851 [LOW] CWE-284 CVE-2022-36851: Improper access control vulnerability in Samsung pass prior to version 4.0.03.1 allow physical attac Improper access control vulnerability in Samsung pass prior to version 4.0.03.1 allow physical attackers to access data of Samsung pass on a certain state of an unlocked device.

CVE-2022-36876 [LOW] CWE-285 CVE-2022-36876: Improper authorization in UPI payment in Samsung Pass prior to version 4.0.04.10 allows physical att Improper authorization in UPI payment in Samsung Pass prior to version 4.0.04.10 allows physical attackers to access account list without authentication.

CVE-2022-30730 [MEDIUM] CWE-285 CVE-2022-30730: Improper authorization in Samsung Pass prior to 1.0.00.33 allows physical attackers to acess account Improper authorization in Samsung Pass prior to 1.0.00.33 allows physical attackers to acess account list without authentication.

CVE-2022-27841 [MEDIUM] CWE-703 CVE-2022-27841: Improper exception handling in Samsung Pass prior to version 3.7.07.5 allows physical attacker to vi Improper exception handling in Samsung Pass prior to version 3.7.07.5 allows physical attacker to view the screen that is previously running without authentication

CVE-2021-25505 [LOW] CWE-287 CVE-2021-25505: Improper authentication in Samsung Pass prior to 3.0.02.4 allows to use app without authentication w Improper authentication in Samsung Pass prior to 3.0.02.4 allows to use app without authentication when lockscreen is unlocked.