Lucene search

[email protected]NVD:CVE-2023-47392

HistoryNov 22, 2023 - 7:15 a.m.

CVE-2023-47392

2023-11-2207:15:07

[email protected]

web.nvd.nist.gov

access control

mercedes me

ios app

attack

view

carts

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.0005 Low

EPSS

Percentile

17.0%

JSON

An access control issue in Mercedes me IOS APP v1.34.0 and below allows attackers to view the carts of other users via sending a crafted add order request.

Affected configurations

NVD

Node

mercedes-benzmercedes_meRange≤1.34.0iphone_os

References

gist.github.com/wwwziziyu/d0ae135b8075f6db735d75135254e7a1

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.0005 Low

EPSS

Percentile

17.0%

JSON

Related for NVD:CVE-2023-47392

cve1 cvelist1 prion1