Improper Access Control in Samsung Pay Mini Application
CVE-2021-25332

3.2LOW

Key Information:

Vendor: Samsung
Status: Samsung Pay Mini
Vendor: CVE Published:; 4 March 2021

What is CVE-2021-25332?

The Samsung Pay mini application is vulnerable due to improper access control, allowing unauthorized access to users' contacts information when specific conditions are met, even over the lockscreen. This vulnerability poses a significant risk as it may expose sensitive personal data unnecessarily, emphasizing the importance of robust security measures in mobile applications.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Samsung Pay Mini < 4.0.14

References

https://security.samsungmobile.com

x_refsource_MISC

https://security.samsungmobile.com/serviceWeb.smsb

x_refsource_CONFIRM

CVSS V3.1

Score:

3.2

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 4, 2021
Vulnerability Reserved
Jan 19, 2021

JSON

Samsung