CVE-2021-25331

Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen in specific condition.

CVSS v3 3.2 LOW
CVSS v2.0 1.9 LOW

3.2^/10

CVSS v3 : LOW

Vector :

Exploitability : 0.7 / Impact : 2.5

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

1.9^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 3.4 / Impact : 2.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://security.samsungmobile.com	Vendor Advisory
https://security.samsungmobile.com/serviceWeb.smsb	Vendor Advisory
https://security.samsungmobile.com	Vendor Advisory
https://security.samsungmobile.com/serviceWeb.smsb	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:samsung:pay_mini:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:54

Type	Values Removed	Values Added
CVSS	v2 : ~~1.9~~ v3 : ~~2.4~~	v2 : 1.9 v3 : 3.2
References	~~() https://security.samsungmobile.com - Vendor Advisory~~	() https://security.samsungmobile.com - Vendor Advisory
References	~~() https://security.samsungmobile.com/serviceWeb.smsb - Vendor Advisory~~	() https://security.samsungmobile.com/serviceWeb.smsb - Vendor Advisory

Information

Published : 2021-03-04 21:15

Updated : 2024-11-21 05:54

NVD link : CVE-2021-25331

Mitre link : CVE-2021-25331

CVE.ORG link : CVE-2021-25331

JSON object : View

Products Affected

samsung

pay_mini

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2021-25331", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 1.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "mobile.security@samsung.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.2, "attackVector": "PHYSICAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 0.7}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.4, "attackVector": "PHYSICAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 0.9}]}, "published": "2021-03-04T21:15:13.057", "references": [{"url": "https://security.samsungmobile.com", "tags": ["Vendor Advisory"], "source": "mobile.security@samsung.com"}, {"url": "https://security.samsungmobile.com/serviceWeb.smsb", "tags": ["Vendor Advisory"], "source": "mobile.security@samsung.com"}, {"url": "https://security.samsungmobile.com", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.samsungmobile.com/serviceWeb.smsb", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "mobile.security@samsung.com", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen in specific condition."}, {"lang": "es", "value": "Un control de acceso inapropiado en la aplicaci\u00f3n Samsung Pay mini versi\u00f3n anterior a v4.0.14, permite el acceso no autorizado a la informaci\u00f3n del saldo en la pantalla de bloqueo en condiciones espec\u00edficas"}], "lastModified": "2024-11-21T05:54:46.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samsung:pay_mini:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8682C73B-FDE2-44DD-9DD4-AC1F3A4AEF5F", "versionEndExcluding": "4.0.14"}], "operator": "OR"}]}], "sourceIdentifier": "mobile.security@samsung.com"}