CVE-2022-36870

Published: Sep 9, 2022Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Exploitability: 2.0 / Impact: 4.0

Source: NVD

Description

Pending Intent hijacking vulnerability in MTransferNotificationManager in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent.

Affected (2)

Products: Samsung: Samsung Pay, Samsung Pay Kr

Samsung

2 products

Samsung Pay

Samsung Pay Kr

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Samsung Samsung Pay	Before 5.1.47
Samsung Samsung Pay Kr	Before 5.0.63

Related CWEs

CWE-285

Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

References (2)

https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=09

Source: mobile.security@samsung.com

Vendor Advisory

https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=09

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.