Lucene search

Samsung MobileCVELIST:CVE-2022-36876

HistorySep 09, 2022 - 2:39 p.m.

CVE-2022-36876

2022-09-0914:39:58

CWE-285

Samsung Mobile

www.cve.org

cve-2022-36876

upi payment

samsung pass

authentication

physical attackers

account access

CVSS3

1.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

AI Score

3.9

Confidence

High

EPSS

0.001

Percentile

18.0%

JSON

Improper authorization in UPI payment in Samsung Pass prior to version 4.0.04.10 allows physical attackers to access account list without authentication.

CNA Affected

[
  {
    "product": "Samsung Pass",
    "vendor": "Samsung Mobile",
    "versions": [
      {
        "lessThan": "4.0.04.10",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

security.samsungmobile.com/serviceWeb.smsb?year=2022&month=09

CVSS3

1.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

AI Score

3.9

Confidence

High

EPSS

0.001

Percentile

18.0%

JSON

Related for CVELIST:CVE-2022-36876