Improper Access Control in Samsung Pay Mini Application
CVE-2021-25333

3.2LOW

Key Information:

Vendor: Samsung
Status: Samsung Pay Mini
Vendor: CVE Published:; 4 March 2021

What is CVE-2021-25333?

The Samsung Pay mini application experienced a flaw due to improper access control, which permitted unauthorized users to access sensitive balance information on the lock screen by scanning specific QR codes. This vulnerability underscores the importance of robust security controls within mobile applications to protect user data from unintended exposure.

Affected Version(s)

Samsung Pay Mini < 4.0.14

References

https://security.samsungmobile.com

x_refsource_MISC

https://security.samsungmobile.com/serviceWeb.smsb

x_refsource_CONFIRM

CVSS V3.1

Score:

3.2

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 4, 2021
Vulnerability Reserved
Jan 19, 2021