Lucene search

NCSC.chCVELIST:CVE-2023-3066

HistoryJun 05, 2023 - 8:27 a.m.

CVE-2023-3066 Mobatime mobile application - Broken authorisation

2023-06-0508:27:49

CWE-863

NCSC.ch

www.cve.org

authorization

vulnerability

mobatime

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

8.2

Confidence

High

EPSS

0.001

Percentile

29.8%

JSON

Incorrect Authorization vulnerability in Mobatime mobile application AMXGT100 allows a low-privileged user to impersonate anyone else, including administratorsThis issue affects Mobatime mobile application AMXGT100: through 1.3.20.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "API"
    ],
    "packageName": "com.Mobatime.AMXGT100",
    "product": "Mobatime mobile application AMXGT100",
    "vendor": "Mobatime",
    "versions": [
      {
        "lessThanOrEqual": "1.3.20",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

borelenzo.github.io/stuff/2023/06/02/cve-2023-3064_65_66.html

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

8.2

Confidence

High

EPSS

0.001

Percentile

29.8%

JSON

Related for CVELIST:CVE-2023-3066