CVE-2023-3064 - OpenCVE

Anonymous user may get the list of existing users managed by the application, that could ease further attacks (see CVE-2023-3065 and 3066)This issue affects Mobatime mobile application AMXGT100 through 1.3.20.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Mobatime	Amxgt 100

Configuration 1 [-]

cpe:2.3:a:mobatime:amxgt_100:*:*:*:*:*:android:*:*

References

Link	Resource
https://borelenzo.github.io/stuff/2023/06/02/cve-2023-3064_65_66.html	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: NCSC.ch

Published: 2023-06-05T08:24:53.735Z

Updated: 2023-06-05T08:24:53.735Z

Reserved: 2023-06-02T14:24:17.323Z

Link: CVE-2023-3064

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-06-05T09:15:09.413

Modified: 2023-06-13T16:41:22.930

Link: CVE-2023-3064

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-3064", "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c", "state": "PUBLISHED", "assignerShortName": "NCSC.ch", "dateReserved": "2023-06-02T14:24:17.323Z", "datePublished": "2023-06-05T08:24:53.735Z", "dateUpdated": "2023-06-05T08:24:53.735Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["API"], "packageName": "com.Mobatime.AMXGT100", "product": "Mobatime mobile application AMXGT100", "vendor": "Mobatime", "versions": [{"lessThanOrEqual": "1.3.20", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "testeurdestylos"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Anonymous user may get the list of existing users managed by the application, that could ease further attacks (see CVE-2023-3065 and 3066)<p>This issue affects Mobatime mobile application AMXGT100 through 1.3.20.</p>"}], "value": "Anonymous user may get the list of existing users managed by the application, that could ease further attacks (see CVE-2023-3065 and 3066)This issue affects Mobatime mobile application AMXGT100 through 1.3.20.\n\n"}], "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "CAPEC-37 Retrieve Embedded Sensitive Data"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "455daabc-a392-441d-aa46-37d35189897c", "shortName": "NCSC.ch", "dateUpdated": "2023-06-05T08:24:53.735Z"}, "references": [{"url": "https://borelenzo.github.io/stuff/2023/06/02/cve-2023-3064_65_66.html"}], "source": {"discovery": "UNKNOWN"}, "title": "Mobatime mobile application - Sensitive information disclosure", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}