Improper Access Control in Samsung Pass Affects Samsung Products
CVE-2022-39892

3.6LOW

Key Information:

Vendor: Samsung
Status: Samsung Pass
Vendor: CVE Published:; 9 November 2022

Summary

An improper access control vulnerability exists in Samsung Pass prior to version 4.0.05.1, allowing attackers to gain unauthorized access without authentication. This vulnerability can be exploited through the 'keep open' feature, potentially leading to unauthorized exposure of sensitive user data.

Affected Version(s)

Samsung Pass < 4.0.05.1

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

CVSS V3.1

Score:

3.6

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 9, 2022
Vulnerability Reserved
Sep 5, 2022