Lucene search

NCSC.chCVELIST:CVE-2023-3064

HistoryJun 05, 2023 - 8:24 a.m.

CVE-2023-3064 Mobatime mobile application - Sensitive information disclosure

2023-06-0508:24:53

CWE-200

NCSC.ch

www.cve.org

cve-2023-3064

mobatime

information disclosure

mobile app

amxgt100

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

8.1

Confidence

High

EPSS

0.002

Percentile

55.0%

JSON

Anonymous user may get the list of existing users managed by the application, that could ease further attacks (see CVE-2023-3065 and 3066)This issue affects Mobatime mobile application AMXGT100 through 1.3.20.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "API"
    ],
    "packageName": "com.Mobatime.AMXGT100",
    "product": "Mobatime mobile application AMXGT100",
    "vendor": "Mobatime",
    "versions": [
      {
        "lessThanOrEqual": "1.3.20",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

borelenzo.github.io/stuff/2023/06/02/cve-2023-3064_65_66.html

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

8.1

Confidence

High

EPSS

0.002

Percentile

55.0%

JSON

Related for CVELIST:CVE-2023-3064