CVE-2021-25333

3.2LOW

Key Information:

Vendor: Samsung
Status: Samsung Pay Mini
Vendor: CVE Published:; 4 March 2021

Summary

Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen via scanning specific QR code.

Affected Version(s)

Samsung Pay Mini < 4.0.14

References

https://security.samsungmobile.com

x_refsource_MISC

https://security.samsungmobile.com/serviceWeb.smsb

x_refsource_CONFIRM

CVSS V3.1

Score:

3.2

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 4, 2021
Vulnerability Reserved
Jan 19, 2021