Improper Access Control in Samsung Pass Affects User Data Security
CVE-2023-30676

4.6MEDIUM

Key Information:

Vendor: Samsung
Status: Samsung Pass
Vendor: CVE Published:; 6 July 2023

What is CVE-2023-30676?

An improper access control vulnerability has been identified in Samsung Pass that allows physical attackers to obtain sensitive data. This security flaw exists in versions prior to 4.2.03.1, exposing users to potential unauthorized access. It is crucial for users of Samsung Pass to ensure their application is updated to mitigate risks associated with this vulnerability.

Affected Version(s)

Samsung Pass 4.2.03.1

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 6, 2023
Vulnerability Reserved
Apr 14, 2023