5 matches found
CVE-2023-3066
Incorrect Authorization vulnerability in Mobatime mobile application AMXGT100 allows a low-privileged user to impersonate anyone else, including administratorsThis issue affects Mobatime mobile application AMXGT100: through 1.3.20...
CVE-2023-3066
Incorrect Authorization vulnerability in Mobatime mobile application AMXGT100 allows a low-privileged user to impersonate anyone else, including administratorsThis issue affects Mobatime mobile application AMXGT100: through 1.3.20...
CVE-2023-3065
Improper Authentication vulnerability in Mobatime mobile application AMXGT100 allows Authentication Bypass.This issue affects Mobatime mobile application AMXGT100 through 1.3.20...
Code injection
Anonymous user may get the list of existing users managed by the application, that could ease further attacks see CVE-2023-3065 and 3066This issue affects Mobatime mobile application AMXGT100 through 1.3.20...
CVE-2023-3064
CVE-2023-3064 concerns the Mobatime AMXGT100 mobile app up to version 1.3.20, where an anonymous user can obtain the list of existing users. Related entries CVE-2023-3065 and CVE-2023-3066 describe broader authentication issues: CVE-2023-3065 (improper authentication) allows an authentication byp...