Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
30 vulnerabilities found for Samsung pass by Samsung Mobile
CVE-2024-49405 (GCVE-0-2024-49405)
Vulnerability from nvd – Published: 2024-11-06 02:17 – Updated: 2024-11-06 11:15
VLAI?
Summary
Improper authentication in Private Info in Samsung Pass in prior to version 4.4.04.7 allows physical attackers to access sensitive information in a specific scenario.
Severity ?
5.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Pass |
Unaffected:
4.4.04.7
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49405",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-06T11:14:59.353335Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T11:15:06.554Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Pass",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "4.4.04.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper authentication in Private Info in Samsung Pass in prior to version 4.4.04.7 allows physical attackers to access sensitive information in a specific scenario."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-287 Improper Authentication",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T02:17:23.333Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024\u0026month=11"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2024-49405",
"datePublished": "2024-11-06T02:17:23.333Z",
"dateReserved": "2024-10-15T05:26:08.659Z",
"dateUpdated": "2024-11-06T11:15:06.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42576 (GCVE-0-2023-42576)
Vulnerability from nvd – Published: 2023-12-05 02:44 – Updated: 2025-06-05 13:17
VLAI?
Summary
Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid exception handler.
Severity ?
5.4 (Medium)
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Pass |
Unaffected:
4.3.00.17
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:23:40.218Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=12"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-42576",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-29T13:33:42.396227Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-05T13:17:57.470Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Pass",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": " 4.3.00.17"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid exception handler."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-287: Improper Authentication",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-05T02:44:33.979Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=12"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2023-42576",
"datePublished": "2023-12-05T02:44:33.979Z",
"dateReserved": "2023-09-11T23:55:08.357Z",
"dateUpdated": "2025-06-05T13:17:57.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42575 (GCVE-0-2023-42575)
Vulnerability from nvd – Published: 2023-12-05 02:44 – Updated: 2024-10-15 17:37
VLAI?
Summary
Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid flag setting.
Severity ?
5.4 (Medium)
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Pass |
Unaffected:
4.3.00.17
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:23:40.153Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=12"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-42575",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:14:59.336346Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T17:37:51.348Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Pass",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": " 4.3.00.17"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid flag setting."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-287: Improper Authentication",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-05T02:44:32.854Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=12"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2023-42575",
"datePublished": "2023-12-05T02:44:32.854Z",
"dateReserved": "2023-09-11T23:55:08.356Z",
"dateUpdated": "2024-10-15T17:37:51.348Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42554 (GCVE-0-2023-42554)
Vulnerability from nvd – Published: 2023-11-07 07:49 – Updated: 2025-03-06 15:29
VLAI?
Summary
Improper Authentication vulnerabiity in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication.
Severity ?
5.4 (Medium)
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Pass |
Unaffected:
4.3.00.17
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:23:39.784Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=11"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-42554",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-06T15:26:40.311194Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-06T15:29:42.672Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Pass",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "4.3.00.17"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Authentication vulnerabiity in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-287: Improper Authentication",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-07T07:49:53.338Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=11"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2023-42554",
"datePublished": "2023-11-07T07:49:53.338Z",
"dateReserved": "2023-09-11T23:55:08.351Z",
"dateUpdated": "2025-03-06T15:29:42.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30677 (GCVE-0-2023-30677)
Vulnerability from nvd – Published: 2023-07-06 02:51 – Updated: 2024-11-19 18:57
VLAI?
Summary
Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical attackers to access data of Samsung Pass on a certain state of an unlocked device.
Severity ?
6.1 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Pass |
Unaffected:
4.2.03.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:28:51.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=07"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30677",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-19T18:57:40.767743Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T18:57:50.953Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Pass",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "4.2.03.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical attackers to access data of Samsung Pass on a certain state of an unlocked device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-284: Improper Access Control",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-06T02:51:50.242Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=07"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2023-30677",
"datePublished": "2023-07-06T02:51:50.242Z",
"dateReserved": "2023-04-14T01:59:51.120Z",
"dateUpdated": "2024-11-19T18:57:50.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30676 (GCVE-0-2023-30676)
Vulnerability from nvd – Published: 2023-07-06 02:51 – Updated: 2024-10-24 14:36
VLAI?
Summary
Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical attackers to access data of Samsung Pass.
Severity ?
4.6 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Pass |
Unaffected:
4.2.03.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:28:52.186Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=07"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30676",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T14:36:11.161860Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T14:36:27.229Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Pass",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "4.2.03.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical attackers to access data of Samsung Pass."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-284: Improper Access Control",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-06T02:51:49.309Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=07"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2023-30676",
"datePublished": "2023-07-06T02:51:49.309Z",
"dateReserved": "2023-04-14T01:59:51.120Z",
"dateUpdated": "2024-10-24T14:36:27.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30675 (GCVE-0-2023-30675)
Vulnerability from nvd – Published: 2023-07-06 02:51 – Updated: 2024-10-24 14:36
VLAI?
Summary
Improper authentication in Samsung Pass prior to version 4.2.03.1 allows local attacker to access stored account information when Samsung Wallet is not installed.
Severity ?
6.2 (Medium)
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Pass |
Unaffected:
4.2.03.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:28:51.952Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=07"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30675",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T14:36:16.876902Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T14:36:43.138Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Pass",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "4.2.03.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper authentication in Samsung Pass prior to version 4.2.03.1 allows local attacker to access stored account information when Samsung Wallet is not installed."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-287: Improper Authentication",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-06T02:51:48.349Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=07"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2023-30675",
"datePublished": "2023-07-06T02:51:48.349Z",
"dateReserved": "2023-04-14T01:59:51.119Z",
"dateUpdated": "2024-10-24T14:36:43.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-39911 (GCVE-0-2022-39911)
Vulnerability from nvd – Published: 2022-12-08 00:00 – Updated: 2025-04-23 15:24
VLAI?
Summary
Improper check or handling of exceptional conditions vulnerability in Samsung Pass prior to version 4.0.06.1 allows attacker to access Samsung Pass.
Severity ?
4.8 (Medium)
CWE
- CWE-703 - Improper Check or Handling of Exceptional Conditions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Pass |
Affected:
unspecified , < 4.0.06.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:07:42.907Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=12"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-39911",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:24:22.056935Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T15:24:29.184Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Samsung Pass",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "4.0.06.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper check or handling of exceptional conditions vulnerability in Samsung Pass prior to version 4.0.06.1 allows attacker to access Samsung Pass."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-08T00:00:00.000Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=12"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2022-39911",
"datePublished": "2022-12-08T00:00:00.000Z",
"dateReserved": "2022-09-05T00:00:00.000Z",
"dateUpdated": "2025-04-23T15:24:29.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-39910 (GCVE-0-2022-39910)
Vulnerability from nvd – Published: 2022-12-08 00:00 – Updated: 2025-04-23 15:24
VLAI?
Summary
Improper access control vulnerability in Samsung Pass prior to version 4.0.06.7 allow physical attackers to access data of Samsung Pass on a certain state of an unlocked device using pop-up view.
Severity ?
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Pass |
Affected:
unspecified , < 4.0.06.7
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:07:42.906Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=12"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-39910",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:24:41.759875Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T15:24:49.634Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Samsung Pass",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "4.0.06.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in Samsung Pass prior to version 4.0.06.7 allow physical attackers to access data of Samsung Pass on a certain state of an unlocked device using pop-up view."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-08T00:00:00.000Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=12"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2022-39910",
"datePublished": "2022-12-08T00:00:00.000Z",
"dateReserved": "2022-09-05T00:00:00.000Z",
"dateUpdated": "2025-04-23T15:24:49.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-39892 (GCVE-0-2022-39892)
Vulnerability from nvd – Published: 2022-11-09 00:00 – Updated: 2025-05-01 19:29
VLAI?
Summary
Improper access control in Samsung Pass prior to version 4.0.05.1 allows attackers to unauthenticated access via keep open feature.
Severity ?
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Pass |
Affected:
unspecified , < 4.0.05.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:07:43.032Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=11"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-39892",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T19:29:44.340335Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T19:29:53.468Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Samsung Pass",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "4.0.05.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in Samsung Pass prior to version 4.0.05.1 allows attackers to unauthenticated access via keep open feature."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-09T00:00:00.000Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=11"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2022-39892",
"datePublished": "2022-11-09T00:00:00.000Z",
"dateReserved": "2022-09-05T00:00:00.000Z",
"dateUpdated": "2025-05-01T19:29:53.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36876 (GCVE-0-2022-36876)
Vulnerability from nvd – Published: 2022-09-09 14:39 – Updated: 2024-08-03 10:14
VLAI?
Summary
Improper authorization in UPI payment in Samsung Pass prior to version 4.0.04.10 allows physical attackers to access account list without authentication.
Severity ?
CWE
- CWE-285 - Improper Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Pass |
Affected:
unspecified , < 4.0.04.10
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:14:29.060Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=09"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Samsung Pass",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "4.0.04.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper authorization in UPI payment in Samsung Pass prior to version 4.0.04.10 allows physical attackers to access account list without authentication."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 1.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-16T16:41:16.000Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=09"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2022-36876",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Pass",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "",
"version_value": "4.0.04.10"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper authorization in UPI payment in Samsung Pass prior to version 4.0.04.10 allows physical attackers to access account list without authentication."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285 Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=09",
"refsource": "MISC",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=09"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2022-36876",
"datePublished": "2022-09-09T14:39:58.000Z",
"dateReserved": "2022-07-27T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:14:29.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36851 (GCVE-0-2022-36851)
Vulnerability from nvd – Published: 2022-09-09 14:40 – Updated: 2024-08-03 10:14
VLAI?
Summary
Improper access control vulnerability in Samsung pass prior to version 4.0.03.1 allow physical attackers to access data of Samsung pass on a certain state of an unlocked device.
Severity ?
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung pass |
Affected:
unspecified , < 4.0.03.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:14:28.867Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=09"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Samsung pass",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "4.0.03.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in Samsung pass prior to version 4.0.03.1 allow physical attackers to access data of Samsung pass on a certain state of an unlocked device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-16T16:46:03.000Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=09"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2022-36851",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung pass",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "",
"version_value": "4.0.03.1"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper access control vulnerability in Samsung pass prior to version 4.0.03.1 allow physical attackers to access data of Samsung pass on a certain state of an unlocked device."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=09",
"refsource": "MISC",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=09"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2022-36851",
"datePublished": "2022-09-09T14:40:05.000Z",
"dateReserved": "2022-07-27T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:14:28.867Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30730 (GCVE-0-2022-30730)
Vulnerability from nvd – Published: 2022-06-07 18:04 – Updated: 2024-08-03 06:56
VLAI?
Summary
Improper authorization in Samsung Pass prior to 1.0.00.33 allows physical attackers to acess account list without authentication.
Severity ?
4.6 (Medium)
CWE
- CWE-285 - Improper Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Pass |
Affected:
unspecified , < 4.0.00.33
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:14.043Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Samsung Pass",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "4.0.00.33",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper authorization in Samsung Pass prior to 1.0.00.33 allows physical attackers to acess account list without authentication."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285: Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-07T18:04:57.000Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=6"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2022-30730",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Pass",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.0.00.33"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper authorization in Samsung Pass prior to 1.0.00.33 allows physical attackers to acess account list without authentication."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=6",
"refsource": "MISC",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=6"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2022-30730",
"datePublished": "2022-06-07T18:04:57.000Z",
"dateReserved": "2022-05-16T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:56:14.043Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27841 (GCVE-0-2022-27841)
Vulnerability from nvd – Published: 2022-04-11 19:37 – Updated: 2024-08-03 05:41
VLAI?
Summary
Improper exception handling in Samsung Pass prior to version 3.7.07.5 allows physical attacker to view the screen that is previously running without authentication
Severity ?
4.3 (Medium)
CWE
- CWE-703 - Improper Check or Handling of Exceptional Conditions
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Pass |
Affected:
- , < 3.0.07.5
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:41:09.891Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Samsung Pass",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "3.0.07.5",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper exception handling in Samsung Pass prior to version 3.7.07.5 allows physical attacker to view the screen that is previously running without authentication"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-11T19:37:33.000Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=4"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2022-27841",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Pass",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "-",
"version_value": "3.0.07.5"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper exception handling in Samsung Pass prior to version 3.7.07.5 allows physical attacker to view the screen that is previously running without authentication"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-703: Improper Check or Handling of Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=4",
"refsource": "MISC",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=4"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2022-27841",
"datePublished": "2022-04-11T19:37:33.000Z",
"dateReserved": "2022-03-24T00:00:00.000Z",
"dateUpdated": "2024-08-03T05:41:09.891Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25505 (GCVE-0-2021-25505)
Vulnerability from nvd – Published: 2021-11-05 02:03 – Updated: 2024-08-03 20:03
VLAI?
Summary
Improper authentication in Samsung Pass prior to 3.0.02.4 allows to use app without authentication when lockscreen is unlocked.
Severity ?
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Pass |
Affected:
- , < 3.0.02.4
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:03:05.801Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Samsung Pass",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "3.0.02.4",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper authentication in Samsung Pass prior to 3.0.02.4 allows to use app without authentication when lockscreen is unlocked."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-05T02:03:51.000Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=11"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25505",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Pass",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "-",
"version_value": "3.0.02.4"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper authentication in Samsung Pass prior to 3.0.02.4 allows to use app without authentication when lockscreen is unlocked."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=11",
"refsource": "MISC",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=11"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2021-25505",
"datePublished": "2021-11-05T02:03:51.000Z",
"dateReserved": "2021-01-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:03:05.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49405 (GCVE-0-2024-49405)
Vulnerability from cvelistv5 – Published: 2024-11-06 02:17 – Updated: 2024-11-06 11:15
VLAI?
Summary
Improper authentication in Private Info in Samsung Pass in prior to version 4.4.04.7 allows physical attackers to access sensitive information in a specific scenario.
Severity ?
5.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Pass |
Unaffected:
4.4.04.7
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49405",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-06T11:14:59.353335Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T11:15:06.554Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Pass",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "4.4.04.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper authentication in Private Info in Samsung Pass in prior to version 4.4.04.7 allows physical attackers to access sensitive information in a specific scenario."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-287 Improper Authentication",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T02:17:23.333Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024\u0026month=11"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2024-49405",
"datePublished": "2024-11-06T02:17:23.333Z",
"dateReserved": "2024-10-15T05:26:08.659Z",
"dateUpdated": "2024-11-06T11:15:06.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42576 (GCVE-0-2023-42576)
Vulnerability from cvelistv5 – Published: 2023-12-05 02:44 – Updated: 2025-06-05 13:17
VLAI?
Summary
Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid exception handler.
Severity ?
5.4 (Medium)
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Pass |
Unaffected:
4.3.00.17
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:23:40.218Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=12"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-42576",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-29T13:33:42.396227Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-05T13:17:57.470Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Pass",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": " 4.3.00.17"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid exception handler."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-287: Improper Authentication",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-05T02:44:33.979Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=12"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2023-42576",
"datePublished": "2023-12-05T02:44:33.979Z",
"dateReserved": "2023-09-11T23:55:08.357Z",
"dateUpdated": "2025-06-05T13:17:57.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42575 (GCVE-0-2023-42575)
Vulnerability from cvelistv5 – Published: 2023-12-05 02:44 – Updated: 2024-10-15 17:37
VLAI?
Summary
Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid flag setting.
Severity ?
5.4 (Medium)
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Pass |
Unaffected:
4.3.00.17
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:23:40.153Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=12"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-42575",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:14:59.336346Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T17:37:51.348Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Pass",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": " 4.3.00.17"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid flag setting."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-287: Improper Authentication",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-05T02:44:32.854Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=12"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2023-42575",
"datePublished": "2023-12-05T02:44:32.854Z",
"dateReserved": "2023-09-11T23:55:08.356Z",
"dateUpdated": "2024-10-15T17:37:51.348Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42554 (GCVE-0-2023-42554)
Vulnerability from cvelistv5 – Published: 2023-11-07 07:49 – Updated: 2025-03-06 15:29
VLAI?
Summary
Improper Authentication vulnerabiity in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication.
Severity ?
5.4 (Medium)
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Pass |
Unaffected:
4.3.00.17
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:23:39.784Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=11"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-42554",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-06T15:26:40.311194Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-06T15:29:42.672Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Pass",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "4.3.00.17"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Authentication vulnerabiity in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-287: Improper Authentication",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-07T07:49:53.338Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=11"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2023-42554",
"datePublished": "2023-11-07T07:49:53.338Z",
"dateReserved": "2023-09-11T23:55:08.351Z",
"dateUpdated": "2025-03-06T15:29:42.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30677 (GCVE-0-2023-30677)
Vulnerability from cvelistv5 – Published: 2023-07-06 02:51 – Updated: 2024-11-19 18:57
VLAI?
Summary
Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical attackers to access data of Samsung Pass on a certain state of an unlocked device.
Severity ?
6.1 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Pass |
Unaffected:
4.2.03.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:28:51.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=07"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30677",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-19T18:57:40.767743Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T18:57:50.953Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Pass",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "4.2.03.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical attackers to access data of Samsung Pass on a certain state of an unlocked device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-284: Improper Access Control",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-06T02:51:50.242Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=07"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2023-30677",
"datePublished": "2023-07-06T02:51:50.242Z",
"dateReserved": "2023-04-14T01:59:51.120Z",
"dateUpdated": "2024-11-19T18:57:50.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30676 (GCVE-0-2023-30676)
Vulnerability from cvelistv5 – Published: 2023-07-06 02:51 – Updated: 2024-10-24 14:36
VLAI?
Summary
Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical attackers to access data of Samsung Pass.
Severity ?
4.6 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Pass |
Unaffected:
4.2.03.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:28:52.186Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=07"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30676",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T14:36:11.161860Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T14:36:27.229Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Pass",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "4.2.03.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical attackers to access data of Samsung Pass."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-284: Improper Access Control",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-06T02:51:49.309Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=07"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2023-30676",
"datePublished": "2023-07-06T02:51:49.309Z",
"dateReserved": "2023-04-14T01:59:51.120Z",
"dateUpdated": "2024-10-24T14:36:27.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30675 (GCVE-0-2023-30675)
Vulnerability from cvelistv5 – Published: 2023-07-06 02:51 – Updated: 2024-10-24 14:36
VLAI?
Summary
Improper authentication in Samsung Pass prior to version 4.2.03.1 allows local attacker to access stored account information when Samsung Wallet is not installed.
Severity ?
6.2 (Medium)
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Pass |
Unaffected:
4.2.03.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:28:51.952Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=07"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30675",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T14:36:16.876902Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T14:36:43.138Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Pass",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "4.2.03.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper authentication in Samsung Pass prior to version 4.2.03.1 allows local attacker to access stored account information when Samsung Wallet is not installed."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-287: Improper Authentication",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-06T02:51:48.349Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=07"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2023-30675",
"datePublished": "2023-07-06T02:51:48.349Z",
"dateReserved": "2023-04-14T01:59:51.119Z",
"dateUpdated": "2024-10-24T14:36:43.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-39911 (GCVE-0-2022-39911)
Vulnerability from cvelistv5 – Published: 2022-12-08 00:00 – Updated: 2025-04-23 15:24
VLAI?
Summary
Improper check or handling of exceptional conditions vulnerability in Samsung Pass prior to version 4.0.06.1 allows attacker to access Samsung Pass.
Severity ?
4.8 (Medium)
CWE
- CWE-703 - Improper Check or Handling of Exceptional Conditions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Pass |
Affected:
unspecified , < 4.0.06.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:07:42.907Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=12"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-39911",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:24:22.056935Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T15:24:29.184Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Samsung Pass",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "4.0.06.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper check or handling of exceptional conditions vulnerability in Samsung Pass prior to version 4.0.06.1 allows attacker to access Samsung Pass."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-08T00:00:00.000Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=12"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2022-39911",
"datePublished": "2022-12-08T00:00:00.000Z",
"dateReserved": "2022-09-05T00:00:00.000Z",
"dateUpdated": "2025-04-23T15:24:29.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-39910 (GCVE-0-2022-39910)
Vulnerability from cvelistv5 – Published: 2022-12-08 00:00 – Updated: 2025-04-23 15:24
VLAI?
Summary
Improper access control vulnerability in Samsung Pass prior to version 4.0.06.7 allow physical attackers to access data of Samsung Pass on a certain state of an unlocked device using pop-up view.
Severity ?
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Pass |
Affected:
unspecified , < 4.0.06.7
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:07:42.906Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=12"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-39910",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:24:41.759875Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T15:24:49.634Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Samsung Pass",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "4.0.06.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in Samsung Pass prior to version 4.0.06.7 allow physical attackers to access data of Samsung Pass on a certain state of an unlocked device using pop-up view."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-08T00:00:00.000Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=12"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2022-39910",
"datePublished": "2022-12-08T00:00:00.000Z",
"dateReserved": "2022-09-05T00:00:00.000Z",
"dateUpdated": "2025-04-23T15:24:49.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-39892 (GCVE-0-2022-39892)
Vulnerability from cvelistv5 – Published: 2022-11-09 00:00 – Updated: 2025-05-01 19:29
VLAI?
Summary
Improper access control in Samsung Pass prior to version 4.0.05.1 allows attackers to unauthenticated access via keep open feature.
Severity ?
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Pass |
Affected:
unspecified , < 4.0.05.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:07:43.032Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=11"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-39892",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T19:29:44.340335Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T19:29:53.468Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Samsung Pass",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "4.0.05.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in Samsung Pass prior to version 4.0.05.1 allows attackers to unauthenticated access via keep open feature."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-09T00:00:00.000Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=11"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2022-39892",
"datePublished": "2022-11-09T00:00:00.000Z",
"dateReserved": "2022-09-05T00:00:00.000Z",
"dateUpdated": "2025-05-01T19:29:53.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36851 (GCVE-0-2022-36851)
Vulnerability from cvelistv5 – Published: 2022-09-09 14:40 – Updated: 2024-08-03 10:14
VLAI?
Summary
Improper access control vulnerability in Samsung pass prior to version 4.0.03.1 allow physical attackers to access data of Samsung pass on a certain state of an unlocked device.
Severity ?
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung pass |
Affected:
unspecified , < 4.0.03.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:14:28.867Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=09"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Samsung pass",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "4.0.03.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in Samsung pass prior to version 4.0.03.1 allow physical attackers to access data of Samsung pass on a certain state of an unlocked device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-16T16:46:03.000Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=09"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2022-36851",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung pass",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "",
"version_value": "4.0.03.1"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper access control vulnerability in Samsung pass prior to version 4.0.03.1 allow physical attackers to access data of Samsung pass on a certain state of an unlocked device."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=09",
"refsource": "MISC",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=09"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2022-36851",
"datePublished": "2022-09-09T14:40:05.000Z",
"dateReserved": "2022-07-27T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:14:28.867Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36876 (GCVE-0-2022-36876)
Vulnerability from cvelistv5 – Published: 2022-09-09 14:39 – Updated: 2024-08-03 10:14
VLAI?
Summary
Improper authorization in UPI payment in Samsung Pass prior to version 4.0.04.10 allows physical attackers to access account list without authentication.
Severity ?
CWE
- CWE-285 - Improper Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Pass |
Affected:
unspecified , < 4.0.04.10
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:14:29.060Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=09"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Samsung Pass",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "4.0.04.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper authorization in UPI payment in Samsung Pass prior to version 4.0.04.10 allows physical attackers to access account list without authentication."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 1.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-16T16:41:16.000Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=09"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2022-36876",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Pass",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "",
"version_value": "4.0.04.10"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper authorization in UPI payment in Samsung Pass prior to version 4.0.04.10 allows physical attackers to access account list without authentication."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285 Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=09",
"refsource": "MISC",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=09"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2022-36876",
"datePublished": "2022-09-09T14:39:58.000Z",
"dateReserved": "2022-07-27T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:14:29.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30730 (GCVE-0-2022-30730)
Vulnerability from cvelistv5 – Published: 2022-06-07 18:04 – Updated: 2024-08-03 06:56
VLAI?
Summary
Improper authorization in Samsung Pass prior to 1.0.00.33 allows physical attackers to acess account list without authentication.
Severity ?
4.6 (Medium)
CWE
- CWE-285 - Improper Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Pass |
Affected:
unspecified , < 4.0.00.33
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:14.043Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Samsung Pass",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "4.0.00.33",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper authorization in Samsung Pass prior to 1.0.00.33 allows physical attackers to acess account list without authentication."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285: Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-07T18:04:57.000Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=6"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2022-30730",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Pass",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.0.00.33"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper authorization in Samsung Pass prior to 1.0.00.33 allows physical attackers to acess account list without authentication."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=6",
"refsource": "MISC",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=6"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2022-30730",
"datePublished": "2022-06-07T18:04:57.000Z",
"dateReserved": "2022-05-16T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:56:14.043Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27841 (GCVE-0-2022-27841)
Vulnerability from cvelistv5 – Published: 2022-04-11 19:37 – Updated: 2024-08-03 05:41
VLAI?
Summary
Improper exception handling in Samsung Pass prior to version 3.7.07.5 allows physical attacker to view the screen that is previously running without authentication
Severity ?
4.3 (Medium)
CWE
- CWE-703 - Improper Check or Handling of Exceptional Conditions
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Pass |
Affected:
- , < 3.0.07.5
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:41:09.891Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Samsung Pass",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "3.0.07.5",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper exception handling in Samsung Pass prior to version 3.7.07.5 allows physical attacker to view the screen that is previously running without authentication"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-11T19:37:33.000Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=4"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2022-27841",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Pass",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "-",
"version_value": "3.0.07.5"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper exception handling in Samsung Pass prior to version 3.7.07.5 allows physical attacker to view the screen that is previously running without authentication"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-703: Improper Check or Handling of Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=4",
"refsource": "MISC",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=4"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2022-27841",
"datePublished": "2022-04-11T19:37:33.000Z",
"dateReserved": "2022-03-24T00:00:00.000Z",
"dateUpdated": "2024-08-03T05:41:09.891Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25505 (GCVE-0-2021-25505)
Vulnerability from cvelistv5 – Published: 2021-11-05 02:03 – Updated: 2024-08-03 20:03
VLAI?
Summary
Improper authentication in Samsung Pass prior to 3.0.02.4 allows to use app without authentication when lockscreen is unlocked.
Severity ?
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Pass |
Affected:
- , < 3.0.02.4
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:03:05.801Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Samsung Pass",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "3.0.02.4",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper authentication in Samsung Pass prior to 3.0.02.4 allows to use app without authentication when lockscreen is unlocked."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-05T02:03:51.000Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=11"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25505",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Pass",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "-",
"version_value": "3.0.02.4"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper authentication in Samsung Pass prior to 3.0.02.4 allows to use app without authentication when lockscreen is unlocked."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=11",
"refsource": "MISC",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=11"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2021-25505",
"datePublished": "2021-11-05T02:03:51.000Z",
"dateReserved": "2021-01-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:03:05.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}