CVE-2021-25333

Published: Mar 4, 2021Modified: Nov 21, 2024

2.4

Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 0.9 / Impact: 1.4

Source: NVD

Description

Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen via scanning specific QR code.

Affected (1)

Products: Samsung: Pay Mini

Samsung

1 product

Pay Mini

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Samsung Pay Mini	Before 4.0.14

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

https://security.samsungmobile.com

Source: mobile.security@samsung.com

Vendor Advisory

https://security.samsungmobile.com/serviceWeb.smsb

Source: mobile.security@samsung.com

Vendor Advisory

https://security.samsungmobile.com

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://security.samsungmobile.com/serviceWeb.smsb

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.