VYPR

QMS.Mobile

by QMS Automotive

CVEs (4)

  • CVE-2023-40727HigSep 12, 2023
    risk 0.51cvss 7.8epss 0.00

    A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application uses weak outdated application signing mechanism. This could allow an attacker to tamper the application code.

  • CVE-2023-40728HigSep 12, 2023
    risk 0.47cvss 7.3epss 0.00

    A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application stores sensitive application data in an external insecure storage. This could allow an attacker to alter content, leading to arbitrary code execution…

  • CVE-2023-40730HigSep 12, 2023
    risk 0.46cvss 7.1epss 0.00

    A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application lacks sufficient authorization checks. This could allow an attacker to access confidential information, perform administrative functions, or lead to a…

  • CVE-2023-40732LowSep 12, 2023
    risk 0.25cvss 3.9epss 0.00

    A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application does not invalidate the session token on logout. This could allow an attacker to perform session hijacking attacks.