Lilly Chapman

**Name of the Vulnerable Software and Affected Versions** Samsung Pay versions prior to 4.1.77 **Description** The issue allows an attacker to access the Bill Pay and Recharge menu without authentication due to improper export of Android application components. This affects Samsung Pay in India. **Recommendations** For versions prior to 4.1.77, update to version 4.1.77 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Samsung Flow versions prior to 4.8.03.5 **Description** The issue concerns an improper authorization vulnerability. It allows a Samsung Flow PC application connected to a user's device to access part of the notification data in the Secure Folder without proper authorization. **Recommendations** For versions prior to 4.8.03.5, update to version 4.8.03.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SmartThings versions prior to 1.7.73.22 **Description** The issue is related to improper privilege management in the API Key used in SmartThings, allowing an attacker to abuse the API key without limitation. **Recommendations** For versions prior to 1.7.73.22, update to version 1.7.73.22 or later to resolve the issue.