CVE-2021-25527

Published: Dec 8, 2021Modified: Nov 21, 2024

3.3

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 1.8 / Impact: 1.4

Source: NVD

Description

Improper export of Android application components vulnerability in Samsung Pay (India only) prior to version 4.1.77 allows attacker to access Bill Pay and Recharge menu without authentication.

Affected (1)

Products: Samsung: Pay

Samsung

1 product

Pay

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Samsung Pay	Before 4.1.77

Related CWEs

CWE-926

Improper Export of Android Application Components

The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the data it contains.

References (2)

https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=12

Source: mobile.security@samsung.com

Vendor Advisory

https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=12

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.