What the vulnerability does
01Description
Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen in specific condition.
CVSS base score
3.2/10
CVSS vector
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
Key dates
02Disclosure timeline
March 4, 2021
CVE published
August 3, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2024-47915 VaeMendis - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-58589 Information Disclosure Through Stacktrace
CVE-2026-29787 mcp-memory-service: System Information Disclosure via Health Endpoint
CVE-2011-4917
CVE-2024-34711 GeoServer has improper ENTITY_RESOLUTION_ALLOWLIST URI validation in XML Processing (SSRF)
