Improper Access Control in Samsung Pay Mini Application
CVE-2021-25332

3.2LOW

Key Information:

Vendor: Samsung
Status: Samsung Pay Mini
Vendor: CVE Published:; 4 March 2021

What is CVE-2021-25332?

The Samsung Pay mini application is vulnerable due to improper access control, allowing unauthorized access to users' contacts information when specific conditions are met, even over the lockscreen. This vulnerability poses a significant risk as it may expose sensitive personal data unnecessarily, emphasizing the importance of robust security measures in mobile applications.

Affected Version(s)

Samsung Pay Mini < 4.0.14

References

https://security.samsungmobile.com

x_refsource_MISC

https://security.samsungmobile.com/serviceWeb.smsb

x_refsource_CONFIRM

CVSS V3.1

Score:

3.2

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 4, 2021
Vulnerability Reserved
Jan 19, 2021