U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:samsung:pass:-:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 9 matching records.
Displaying matches 1 through 9.
Vuln ID Summary CVSS Severity
CVE-2023-42576

Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid exception handler.

Published: December 04, 2023; 10:15:18 PM -0500 		V4.0:(not available)
 V3.1: 6.8 MEDIUM
V2.0:(not available)
CVE-2023-42575

Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid flag setting.

Published: December 04, 2023; 10:15:18 PM -0500 		V4.0:(not available)
 V3.1: 6.8 MEDIUM
V2.0:(not available)
CVE-2023-42554

Improper Authentication vulnerabiity in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication.

Published: November 07, 2023; 3:15:23 AM -0500 		V4.0:(not available)
 V3.1: 6.8 MEDIUM
V2.0:(not available)
CVE-2023-30677

Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical attackers to access data of Samsung Pass on a certain state of an unlocked device.

Published: July 05, 2023; 11:15:12 PM -0400 		V4.0:(not available)
 V3.1: 4.6 MEDIUM
V2.0:(not available)
CVE-2023-30676

Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical attackers to access data of Samsung Pass.

Published: July 05, 2023; 11:15:12 PM -0400 		V4.0:(not available)
 V3.1: 4.6 MEDIUM
V2.0:(not available)
CVE-2023-30675

Improper authentication in Samsung Pass prior to version 4.2.03.1 allows local attacker to access stored account information when Samsung Wallet is not installed.

Published: July 05, 2023; 11:15:12 PM -0400 		V4.0:(not available)
 V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-39911

Improper check or handling of exceptional conditions vulnerability in Samsung Pass prior to version 4.0.06.1 allows attacker to access Samsung Pass.

Published: December 08, 2022; 11:15:12 AM -0500 		V4.0:(not available)
 V3.1: 6.8 MEDIUM
V2.0:(not available)
CVE-2022-39910

Improper access control vulnerability in Samsung Pass prior to version 4.0.06.7 allow physical attackers to access data of Samsung Pass on a certain state of an unlocked device using pop-up view.

Published: December 08, 2022; 11:15:12 AM -0500 		V4.0:(not available)
 V3.1: 4.2 MEDIUM
V2.0:(not available)
CVE-2022-39892

Improper access control in Samsung Pass prior to version 4.0.05.1 allows attackers to unauthenticated access via keep open feature.

Published: November 09, 2022; 5:15:18 PM -0500 		V4.0:(not available)
 V3.1: 9.8 CRITICAL
V2.0:(not available)