Intent Hijacking Vulnerability in Samsung Pay
CVE-2022-36871

5MEDIUM

Key Information:

Vendor: Samsung
Status: Samsung Pay
Vendor: CVE Published:; 9 September 2022

Summary

An Intent hijacking vulnerability exists in NotiCenterUtils within Samsung Pay, allowing unauthorized attackers to access internal files without the proper permissions. This issue affects versions prior to 5.0.63 for the KR region and 5.1.47 globally, posing a security risk for users who have not updated their application. Attackers could exploit this vulnerability by leveraging implicit Intent, which can lead to exposure of sensitive data.

Affected Version(s)

Samsung Pay < 5.0.63 for KR and 5.1.47 for Global

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

x_refsource_MISC

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 9, 2022
Vulnerability Reserved
Jul 27, 2022