Lucene search

[email protected]NVD:CVE-2023-3064

HistoryJun 05, 2023 - 9:15 a.m.

CVE-2023-3064

2023-06-0509:15:09

CWE-200

CWE-922

[email protected]

web.nvd.nist.gov

cve-2023-3064

information disclosure

user enumeration

application security

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

8.5

Confidence

High

EPSS

0.002

Percentile

55.0%

JSON

Anonymous user may get the list of existing users managed by the application, that could ease further attacks (see CVE-2023-3065 and 3066)This issue affects Mobatime mobile application AMXGT100 through 1.3.20.

Affected configurations

Nvd

Node

mobatimeamxgt_100Range≤1.3.20android

VendorProductVersionCPE
mobatimeamxgt_100*cpe:2.3:a:mobatime:amxgt_100:*:*:*:*:*:android:*:*

Vendor	Product	Version	CPE
mobatime	amxgt_100	*	cpe:2.3:a:mobatime:amxgt_100::::::android::*

References

borelenzo.github.io/stuff/2023/06/02/cve-2023-3064_65_66.html

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

8.5

Confidence

High

EPSS

0.002

Percentile

55.0%

JSON

Related for NVD:CVE-2023-3064

cve2 cvelist2 prion2 nvd1