PT-2021-16527 · Samsung · Samsung Pay Mini

Published

2021-03-04

Updated

2021-03-11

CVE-2021-25333

CVSS v3.1

3.2

Low

Vector

AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Name of the Vulnerable Software and Affected Versions: Samsung Pay mini application versions prior to 4.0.14

Description: The issue is related to improper access control, allowing unauthorized access to balance information over the lockscreen by scanning a specific QR code.

Recommendations: For versions prior to 4.0.14, update to version 4.0.14 or later to resolve the issue. As a temporary workaround, consider restricting access to the lockscreen or disabling the QR code scanning feature in the Samsung Pay mini application until the update is applied.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2021-25333

Affected Products

Samsung Pay Mini

PT-2021-16527 · Samsung · Samsung Pay Mini

CVE-2021-25333

Weakness Enumeration

Related Identifiers

Affected Products

References · 5