Improper export of Android application components vulnerability in Samsung Pay (India only) prior to version 4.1.77 allows attacker to access Bill Pay and Recharge menu without authentication. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Insecure storage of device information in Contacts prior to version 12.7.05.24 allows attacker to get Samsung Account ID. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Insecure storage of device information in Samsung Dialer prior to version 12.7.05.24 allows attacker to get Samsung Account ID. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Insecure storage of sensitive information vulnerability in Smart Capture prior to version 4.8.02.10 allows attacker to access victim's captured images without permission. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Insecure caller check in sharevia deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to get current tab URL in Samsung Internet. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
An improper access control vulnerability in CPLC prior to SMR Dec-2021 Release 1 allows local attackers to access CPLC information without permission. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
An improper usage of implicit intent in SemRewardManager prior to SMR Dec-2021 Release 1 allows attackers to access BSSID. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
An improper privilege management vulnerability in Apps Edge application prior to SMR Dec-2021 Release 1 allows unauthorized access to some device data on the lockscreen. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.