4.0.03.1

CVSS 2.4 - LOW

Attack vector

PHYSICAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

low complexity

samsung

NVD

Published: 2022-09-09

Updated: 2023-06-27

Summary

Improper authorization in UPI payment in Samsung Pass prior to version 4.0.04.10 allows physical attackers to access account list without authentication.

Vulnerable Configurations

Part	Description	Count
Application	Samsung Samsung Samsung Pass - Samsung Samsung Pass 3.0.02.4 Samsung Samsung Pass 3.7.07.5 Samsung Samsung Pass 4.0.03.1	4

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=09