Samsung Pass
CVEs (15)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-30677 | Med | 0.40 | 6.1 | 0.00 | Jul 6, 2023 | Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical attackers to access data of Samsung Pass on a certain state of an unlocked device. | ||
| CVE-2023-30675 | Med | 0.40 | 6.2 | 0.00 | Jul 6, 2023 | Improper authentication in Samsung Pass prior to version 4.2.03.1 allows local attacker to access stored account information when Samsung Wallet is not installed. | ||
| CVE-2023-42576 | Med | 0.35 | 5.4 | 0.00 | Dec 5, 2023 | Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid exception handler. | ||
| CVE-2023-42575 | Med | 0.35 | 5.4 | 0.00 | Dec 5, 2023 | Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid flag setting. | ||
| CVE-2023-42554 | Med | 0.35 | 5.4 | 0.00 | Nov 7, 2023 | Improper Authentication vulnerabiity in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication. | ||
| CVE-2024-49405 | Med | 0.34 | 5.3 | 0.00 | Nov 6, 2024 | Improper authentication in Private Info in Samsung Pass in prior to version 4.4.04.7 allows physical attackers to access sensitive information in a specific scenario. | ||
| CVE-2022-39911 | Med | 0.31 | 4.8 | 0.00 | Dec 8, 2022 | Improper check or handling of exceptional conditions vulnerability in Samsung Pass prior to version 4.0.06.1 allows attacker to access Samsung Pass. | ||
| CVE-2023-30676 | Med | 0.30 | 4.6 | 0.00 | Jul 6, 2023 | Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical attackers to access data of Samsung Pass. | ||
| CVE-2022-30730 | Med | 0.30 | 4.6 | 0.00 | Jun 7, 2022 | Improper authorization in Samsung Pass prior to 1.0.00.33 allows physical attackers to acess account list without authentication. | ||
| CVE-2022-27841 | Med | 0.28 | 4.3 | 0.00 | Apr 11, 2022 | Improper exception handling in Samsung Pass prior to version 3.7.07.5 allows physical attacker to view the screen that is previously running without authentication | ||
| CVE-2022-39910 | Low | 0.25 | 3.9 | 0.00 | Dec 8, 2022 | Improper access control vulnerability in Samsung Pass prior to version 4.0.06.7 allow physical attackers to access data of Samsung Pass on a certain state of an unlocked device using pop-up view. | ||
| CVE-2022-36851 | Low | 0.25 | 3.9 | 0.00 | Sep 9, 2022 | Improper access control vulnerability in Samsung pass prior to version 4.0.03.1 allow physical attackers to access data of Samsung pass on a certain state of an unlocked device. | ||
| CVE-2022-39892 | Low | 0.23 | 3.6 | 0.00 | Nov 9, 2022 | Improper access control in Samsung Pass prior to version 4.0.05.1 allows attackers to unauthenticated access via keep open feature. | ||
| CVE-2021-25505 | Low | 0.21 | 3.3 | 0.01 | Nov 5, 2021 | Improper authentication in Samsung Pass prior to 3.0.02.4 allows to use app without authentication when lockscreen is unlocked. | ||
| CVE-2022-36876 | Low | 0.12 | 1.8 | 0.00 | Sep 9, 2022 | Improper authorization in UPI payment in Samsung Pass prior to version 4.0.04.10 allows physical attackers to access account list without authentication. |
- risk 0.40cvss 6.1epss 0.00
Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical attackers to access data of Samsung Pass on a certain state of an unlocked device.
- risk 0.40cvss 6.2epss 0.00
Improper authentication in Samsung Pass prior to version 4.2.03.1 allows local attacker to access stored account information when Samsung Wallet is not installed.
- risk 0.35cvss 5.4epss 0.00
Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid exception handler.
- risk 0.35cvss 5.4epss 0.00
Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid flag setting.
- risk 0.35cvss 5.4epss 0.00
Improper Authentication vulnerabiity in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication.
- risk 0.34cvss 5.3epss 0.00
Improper authentication in Private Info in Samsung Pass in prior to version 4.4.04.7 allows physical attackers to access sensitive information in a specific scenario.
- risk 0.31cvss 4.8epss 0.00
Improper check or handling of exceptional conditions vulnerability in Samsung Pass prior to version 4.0.06.1 allows attacker to access Samsung Pass.
- risk 0.30cvss 4.6epss 0.00
Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical attackers to access data of Samsung Pass.
- risk 0.30cvss 4.6epss 0.00
Improper authorization in Samsung Pass prior to 1.0.00.33 allows physical attackers to acess account list without authentication.
- risk 0.28cvss 4.3epss 0.00
Improper exception handling in Samsung Pass prior to version 3.7.07.5 allows physical attacker to view the screen that is previously running without authentication
- risk 0.25cvss 3.9epss 0.00
Improper access control vulnerability in Samsung Pass prior to version 4.0.06.7 allow physical attackers to access data of Samsung Pass on a certain state of an unlocked device using pop-up view.
- risk 0.25cvss 3.9epss 0.00
Improper access control vulnerability in Samsung pass prior to version 4.0.03.1 allow physical attackers to access data of Samsung pass on a certain state of an unlocked device.
- risk 0.23cvss 3.6epss 0.00
Improper access control in Samsung Pass prior to version 4.0.05.1 allows attackers to unauthenticated access via keep open feature.
- risk 0.21cvss 3.3epss 0.01
Improper authentication in Samsung Pass prior to 3.0.02.4 allows to use app without authentication when lockscreen is unlocked.
- risk 0.12cvss 1.8epss 0.00
Improper authorization in UPI payment in Samsung Pass prior to version 4.0.04.10 allows physical attackers to access account list without authentication.