5 matches found
CVE-2023-3066
Incorrect Authorization vulnerability in Mobatime mobile application AMXGT100 allows a low-privileged user to impersonate anyone else, including administratorsThis issue affects Mobatime mobile application AMXGT100: through 1.3.20...
CVE-2023-3065
Improper Authentication vulnerability in Mobatime mobile application AMXGT100 allows Authentication Bypass.This issue affects Mobatime mobile application AMXGT100 through 1.3.20...
CVE-2023-3066
Incorrect Authorization vulnerability in Mobatime mobile application AMXGT100 allows a low-privileged user to impersonate anyone else, including administratorsThis issue affects Mobatime mobile application AMXGT100: through 1.3.20...
Code injection
Anonymous user may get the list of existing users managed by the application, that could ease further attacks see CVE-2023-3065 and 3066This issue affects Mobatime mobile application AMXGT100 through 1.3.20...
CVE-2023-3064
CVE-2023-3064 concerns the Mobatime AMXGT100 mobile app up to version 1.3.20, where an anonymous user can obtain the list of existing users. Related entries CVE-2023-3065 and CVE-2023-3066 describe broader authentication issues: CVE-2023-3065 (improper authentication) allows an authentication byp...