Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-36871

Pending Intent hijacking vulnerability in NotiCenterUtils in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent.

Published

2022-09-09T15:15:12.810

Last Modified

2024-11-21T07:13:56.450

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.0 (MEDIUM)

Weaknesses

Type: Secondary
CWE-285
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	samsung	samsung_pay	< 5.1.47	Yes
Application	samsung	samsung_pay_kr	< 5.0.63	Yes

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=09 Vendor Advisory ([email protected])
https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=09 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)