It has been discovered that an improper authorization vulnerability exists in Samsung Billing prior to version 5.0.56.0. An attacker can exploit this vulnerability to get sensitive information.

What information can be obtained?
- Confirmation of customer’s identity.
- Confirmation of purchase.
- Confirmation of payment method.
- Confirmation of expiry date of a product.
- Confirmation of address.
- Confirmation of email.

References: CVE-2022-39890

Solutions:

Solutions for this vulnerability include:
- Update the Billing app to version 5.0.56.0 or later.
- Switch to a different, more secure billing application for Samsung devices.

In short, the fix is to update your software, stop using the unsafe app, and, if it poses any risk, change what you use to connect with your device's biller.
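An added example (not part of the original advisory and not Samsung's code): auditing a device inventory for Samsung Billing versions prior to 5.0.56.0. The CSV layout, column names and device ids are assumptions constructed for illustration. Versions are compared numerically, because a plain string comparison would sort 5.0.9.0 after 5.0.56.0 and miss it.

```python
import csv
import io

FIXED_VERSION = (5, 0, 56, 0)  # first fixed Samsung Billing release, per this advisory


def parse_version(text):
    """Turn '5.0.56.0' into (5, 0, 56, 0); return None if it is not dotted decimal."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    nums = tuple(int(p) for p in parts)
    # Pad short versions so (5, 0, 56) compares equal to (5, 0, 56, 0).
    return nums + (0,) * (len(FIXED_VERSION) - len(nums))


def audit(inventory_csv):
    """Return (vulnerable, unknown) lists of device ids from an inventory export."""
    vulnerable, unknown = [], []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        version = parse_version(row["billing_version"])
        if version is None:
            unknown.append(row["device_id"])     # cannot prove it is patched
        elif version < FIXED_VERSION:
            vulnerable.append(row["device_id"])  # prior to 5.0.56.0
    return vulnerable, unknown


# Constructed sample export (assumed format); ids and versions are made up.
SAMPLE = """device_id,billing_version
dev-001,5.0.56.0
dev-002,5.0.9.0
dev-003,5.0.55.3
dev-004,5.0.100.1
dev-005,
dev-006,5.0.56
dev-007,4.9.99.9
"""

if __name__ == "__main__":
    vulnerable, unknown = audit(SAMPLE)
    print("needs update:", vulnerable)
    print("version unknown:", unknown)
```

Devices whose version cannot be parsed are reported separately so they are followed up rather than assumed patched.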

Vulnerability summary

There is a vulnerability in Samsung Billing which can be exploited by an attacker to get confidential information.
The vulnerability was discovered in Samsung Billing software prior to version 5.0.56.0.
An attacker can exploit this vulnerability to get sensitive information such as confirmation of customer’s identity, purchase, payment method, expiry date of a product, address and email.

Timeline

Published on: 11/09/2022 22:15:00 UTC
Last modified on: 11/10/2022 15:29:00 UTC

References