Lucene search

NCSC.chCVELIST:CVE-2023-3065

HistoryJun 05, 2023 - 8:27 a.m.

CVE-2023-3065 Mobatime mobile application - Authentication bypass

2023-06-0508:27:33

CWE-287

NCSC.ch

www.cve.org

cve-2023-3065

mobatime mobile app

authentication bypass

improper authentication vulnerability

amxgt100

security issue

version 1.3.20

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

8.1

Confidence

High

EPSS

0.002

Percentile

55.0%

JSON

Improper Authentication vulnerability in Mobatime mobile application AMXGT100 allows Authentication Bypass.This issue affects Mobatime mobile application AMXGT100 through 1.3.20.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "API"
    ],
    "packageName": "com.Mobatime.AMXGT100",
    "product": "Mobatime mobile application AMXGT100",
    "vendor": "Mobatime",
    "versions": [
      {
        "lessThanOrEqual": "1.3.20",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

borelenzo.github.io/stuff/2023/06/02/cve-2023-3064_65_66.html

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

8.1

Confidence

High

EPSS

0.002

Percentile

55.0%

JSON

Related for CVELIST:CVE-2023-3065