Description
Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen via scanning specific QR code.
CVSS breakdown
CVSS 3.1
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
Low
Affected products
- Samsung Mobile / Samsung Pay Miniunspecified – 4.0.14