Samsung Mobile Samsung Pass vulnerabilities

8 known vulnerabilities affecting samsung_mobile/samsung_pass.

Total CVEs
8
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM5LOW1

Vulnerabilities

Page 1 of 1
CVE-2022-39910MEDIUMCVSS 4.2≥ unspecified, < 4.0.06.72022-12-08
CVE-2022-39910 [MEDIUM] CWE-284 CVE-2022-39910: Improper access control vulnerability in Samsung Pass prior to version 4.0.06.7 allow physical attac Improper access control vulnerability in Samsung Pass prior to version 4.0.06.7 allow physical attackers to access data of Samsung Pass on a certain state of an unlocked device using pop-up view.
cvelistv5nvd
CVE-2022-39911MEDIUMCVSS 6.8≥ unspecified, < 4.0.06.12022-12-08
CVE-2022-39911 [MEDIUM] CWE-703 CVE-2022-39911: Improper check or handling of exceptional conditions vulnerability in Samsung Pass prior to version Improper check or handling of exceptional conditions vulnerability in Samsung Pass prior to version 4.0.06.1 allows attacker to access Samsung Pass.
cvelistv5nvd
CVE-2022-39892CRITICALCVSS 9.8≥ unspecified, < 4.0.05.12022-11-09
CVE-2022-39892 [CRITICAL] CWE-287 CVE-2022-39892: Improper access control in Samsung Pass prior to version 4.0.05.1 allows attackers to unauthenticate Improper access control in Samsung Pass prior to version 4.0.05.1 allows attackers to unauthenticated access via keep open feature.
cvelistv5nvd
CVE-2022-36851MEDIUMCVSS 4.6≥ unspecified, < 4.0.03.12022-09-09
CVE-2022-36851 [MEDIUM] CWE-284 CVE-2022-36851: Improper access control vulnerability in Samsung pass prior to version 4.0.03.1 allow physical attac Improper access control vulnerability in Samsung pass prior to version 4.0.03.1 allow physical attackers to access data of Samsung pass on a certain state of an unlocked device.
cvelistv5nvd
CVE-2022-36876LOWCVSS 2.4≥ unspecified, < 4.0.04.102022-09-09
CVE-2022-36876 [LOW] CWE-285 CVE-2022-36876: Improper authorization in UPI payment in Samsung Pass prior to version 4.0.04.10 allows physical att Improper authorization in UPI payment in Samsung Pass prior to version 4.0.04.10 allows physical attackers to access account list without authentication.
cvelistv5nvd
CVE-2022-30730MEDIUMCVSS 4.6≥ unspecified, < 4.0.00.332022-06-07
CVE-2022-30730 [MEDIUM] CWE-285 CVE-2022-30730: Improper authorization in Samsung Pass prior to 1.0.00.33 allows physical attackers to acess account Improper authorization in Samsung Pass prior to 1.0.00.33 allows physical attackers to acess account list without authentication.
cvelistv5nvd
CVE-2022-27841MEDIUMCVSS 4.3≥ -, < 3.0.07.52022-04-11
CVE-2022-27841 [MEDIUM] CWE-703 CVE-2022-27841: Improper exception handling in Samsung Pass prior to version 3.7.07.5 allows physical attacker to vi Improper exception handling in Samsung Pass prior to version 3.7.07.5 allows physical attacker to view the screen that is previously running without authentication
cvelistv5nvd
CVE-2021-25505HIGHCVSS 7.8≥ -, < 3.0.02.42021-11-05
CVE-2021-25505 [HIGH] CWE-287 CVE-2021-25505: Improper authentication in Samsung Pass prior to 3.0.02.4 allows to use app without authentication w Improper authentication in Samsung Pass prior to 3.0.02.4 allows to use app without authentication when lockscreen is unlocked.
cvelistv5nvd