Lucene search
HistorySep 09, 2022 - 3:15 p.m.
CVE-2022-36871
samsung pay
noticenterutils
pending intent
hijacking vulnerability
implicit intent
access files without permission
CVSS3
6.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
EPSS
0
Percentile
5.1%
Pending Intent hijacking vulnerability in NotiCenterUtils in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent.
Affected configurations
Node
samsungsamsung_payRange<5.1.47android
ORsamsungsamsung_pay_krRange<5.0.63android
| Vendor | Product | Version | CPE |
|---|---|---|---|
| samsung | samsung_pay | * | cpe:2.3:a:samsung:samsung_pay:*:*:*:*:*:android:*:* |
| samsung | samsung_pay_kr | * | cpe:2.3:a:samsung:samsung_pay_kr:*:*:*:*:*:android:*:* |
Related
cvelist
cvelist
CVE-2022-36871
2022-09-09 14:40:01
prion
prion
Design/Logic Flaw
2022-09-09 15:15:00
cve
cve
CVE-2022-36871
2022-09-09 15:15:12
CVSS3
6.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
EPSS
0
Percentile
5.1%
Related for NVD:CVE-2022-36871