QMS Automotive
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-40732 | | | 0.00 | — | 0.00 | | Sep 12, 2023 | A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application does not invalidate the session token on logout. This could allow an attacker to perform session hijacking attacks. |
| CVE-2023-40731 | | | 0.00 | — | 0.00 | | Sep 12, 2023 | A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application allows users to upload arbitrary file types. This could allow an attacker to upload malicious files, that could potentially lead to code tampering. |
| CVE-2023-40730 | | | 0.00 | — | 0.00 | | Sep 12, 2023 | A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application lacks sufficient authorization checks. This could allow an attacker to access confidential information, perform administrative functions, or lead to a… |
| CVE-2023-40729 | | | 0.00 | — | 0.00 | | Sep 12, 2023 | A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application lacks security control to prevent unencrypted communication without HTTPS. An attacker who managed to gain machine-in-the-middle position could manipulate, or steal… |
| CVE-2023-40728 | | | 0.00 | — | 0.00 | | Sep 12, 2023 | A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application stores sensitive application data in an external insecure storage. This could allow an attacker to alter content, leading to arbitrary code execution… |
| CVE-2023-40727 | | | 0.00 | — | 0.00 | | Sep 12, 2023 | A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application uses weak outdated application signing mechanism. This could allow an attacker to tamper the application code. |
| CVE-2023-40726 | | | 0.00 | — | 0.00 | | Sep 12, 2023 | A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application server responds with sensitive information about the server. This could allow an attacker to directly access the database. |
| CVE-2023-40725 | | | 0.00 | — | 0.00 | | Sep 12, 2023 | A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application returns inconsistent error messages in response to invalid user credentials during login session. This allows an attacker to enumerate usernames, and identify valid usernames. |
| CVE-2023-40724 | | | 0.00 | — | 0.00 | | Sep 12, 2023 | A vulnerability has been identified in QMS Automotive (All versions < V12.39). User credentials are found in memory as plaintext. An attacker could perform a memory dump, and get access to credentials, and use it for impersonation. |
| CVE-2022-43958 | | | 0.00 | — | 0.00 | | Nov 8, 2022 | A vulnerability has been identified in QMS Automotive (All versions < V12.39), QMS Automotive (All versions < V12.39). User credentials are stored in plaintext in the database without any hashing mechanism. This could allow an attacker to gain access to credentials and… |
| CVE-2021-27389 | | | 0.00 | — | 0.00 | | Apr 22, 2021 | A vulnerability has been identified in Opcenter Quality (All versions < V12.2), QMS Automotive (All versions < V12.30). A private sign key is shipped with the product without adequate protection. |