Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-36872

Pending Intent hijacking vulnerability in SpayNotification in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent.

Published

2022-09-09T15:15:12.880

Last Modified

2024-11-21T07:13:56.627

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.0 (MEDIUM)

Weaknesses

Type: Secondary
CWE-285
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	samsung	samsung_pay	< 5.1.47	Yes
Application	samsung	samsung_pay_kr	< 5.0.63	Yes

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=09 Vendor Advisory ([email protected])
https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=09 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)