Improper Access Control in Samsung Pay Mini Application
CVE-2021-25331
3.2 LOW
What is CVE-2021-25331?
An improper access control vulnerability in the Samsung Pay Mini application prior to version 4.0.14 lets unauthorized users view sensitive balance information directly from the lockscreen under certain conditions. This exposes private financial data without the user's consent. Users are urged to update to the latest version to mitigate this issue.
Affected Version(s)
Samsung Pay Mini < 4.0.14
CVSS V3.1
Score: 3.2
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Physical
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved