QMS.Mobile
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-40727 | Hig | 0.51 | 7.8 | 0.00 | Sep 12, 2023 | A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application uses weak outdated application signing mechanism. This could allow an attacker to tamper the application code. | ||
| CVE-2023-40728 | Hig | 0.47 | 7.3 | 0.00 | Sep 12, 2023 | A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application stores sensitive application data in an external insecure storage. This could allow an attacker to alter content, leading to arbitrary code execution… | ||
| CVE-2023-40730 | Hig | 0.46 | 7.1 | 0.00 | Sep 12, 2023 | A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application lacks sufficient authorization checks. This could allow an attacker to access confidential information, perform administrative functions, or lead to a… | ||
| CVE-2023-40732 | Low | 0.25 | 3.9 | 0.00 | Sep 12, 2023 | A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application does not invalidate the session token on logout. This could allow an attacker to perform session hijacking attacks. |
- risk 0.51cvss 7.8epss 0.00
A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application uses weak outdated application signing mechanism. This could allow an attacker to tamper the application code.
- risk 0.47cvss 7.3epss 0.00
A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application stores sensitive application data in an external insecure storage. This could allow an attacker to alter content, leading to arbitrary code execution…
- risk 0.46cvss 7.1epss 0.00
A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application lacks sufficient authorization checks. This could allow an attacker to access confidential information, perform administrative functions, or lead to a…
- risk 0.25cvss 3.9epss 0.00
A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application does not invalidate the session token on logout. This could allow an attacker to perform session hijacking attacks.