Intent Hijacking Vulnerability in Samsung Pay
CVE-2022-36871

5MEDIUM

Key Information:

Vendor: Samsung
Status: Samsung Pay
Vendor: CVE Published:; 9 September 2022

What is CVE-2022-36871?

An Intent hijacking vulnerability exists in NotiCenterUtils within Samsung Pay, allowing unauthorized attackers to access internal files without the proper permissions. This issue affects versions prior to 5.0.63 for the KR region and 5.1.47 globally, posing a security risk for users who have not updated their application. Attackers could exploit this vulnerability by leveraging implicit Intent, which can lead to exposure of sensitive data.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Samsung Pay < 5.0.63 for KR and 5.1.47 for Global

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

x_refsource_MISC

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 9, 2022
Vulnerability Reserved
Jul 27, 2022

JSON

Samsung