CVE-2023-47392 - OpenCVE

An access control issue in Mercedes me IOS APP v1.34.0 and below allows attackers to view the carts of other users via sending a crafted add order request.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Mercedes-benz	Mercedes Me

Configuration 1 [-]

cpe:2.3:a:mercedes-benz:mercedes_me:*:*:*:*:*:iphone_os:*:*

References

Link	Resource
https://gist.github.com/wwwziziyu/d0ae135b8075f6db735d75135254e7a1	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2023-11-22T00:00:00

Updated: 2023-11-22T06:52:30.589715

Reserved: 2023-11-06T00:00:00

Link: CVE-2023-47392

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-11-22T07:15:07.587

Modified: 2023-11-29T18:03:15.443

Link: CVE-2023-47392

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo