Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Qms Automotive Security Vulnerabilities - 2023

cve
cve

CVE-2023-40724

A vulnerability has been identified in QMS Automotive (All versions < V12.39). User credentials are found in memory as plaintext. An attacker could perform a memory dump, and get access to credentials, and use it for impersonation.

7.3CVSS

7AI Score

0.0004EPSS

2023-09-12 10:15 AM
16
cve
cve

CVE-2023-40725

A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application returns inconsistent error messages in response to invalid user credentials during login session. This allows an attacker to enumerate usernames, and identify valid usernames.

4CVSS

4.1AI Score

0.0004EPSS

2023-09-12 10:15 AM
17
cve
cve

CVE-2023-40726

A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application server responds with sensitive information about the server. This could allow an attacker to directly access the database.

8.8CVSS

8.2AI Score

0.001EPSS

2023-09-12 10:15 AM
13
cve
cve

CVE-2023-40727

A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application uses weak outdated application signing mechanism. This could allow an attacker to tamper the application code.

7.8CVSS

7.3AI Score

0.0004EPSS

2023-09-12 10:15 AM
19
cve
cve

CVE-2023-40728

A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application stores sensitive application data in an external insecure storage. This could allow an attacker to alter content, leading to arbitrary code execution or denial-of-serv...

7.8CVSS

7.7AI Score

0.0004EPSS

2023-09-12 10:15 AM
11
cve
cve

CVE-2023-40729

A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application lacks security control to prevent unencrypted communication without HTTPS. An attacker who managed to gain machine-in-the-middle position could manipulate, or steal confidential information.

7.4CVSS

7.4AI Score

0.001EPSS

2023-09-12 10:15 AM
20
cve
cve

CVE-2023-40730

A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application lacks sufficient authorization checks. This could allow an attacker to access confidential information, perform administrative functions, or lead to a denial-of-servic...

8.8CVSS

8.4AI Score

0.001EPSS

2023-09-12 10:15 AM
12
cve
cve

CVE-2023-40731

A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application allows users to upload arbitrary file types. This could allow an attacker to upload malicious files, that could potentially lead to code tampering.

8.8CVSS

8.5AI Score

0.001EPSS

2023-09-12 10:15 AM
15
cve
cve

CVE-2023-40732

A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application does not invalidate the session token on logout. This could allow an attacker to perform session hijacking attacks.

3.9CVSS

4.1AI Score

0.0004EPSS

2023-09-12 10:15 AM
20