Security News > 2016 > July > BMW ConnectedDrive flaws could be misused to tamper with car settings (Help Net Security)

BMW ConnectedDrive flaws could be misused to tamper with car settings (Help Net Security)
2016-07-08 18:53

Security researcher Benjamin Kunz Mejri has found two vulnerabilities in the BMW ConnectedDrive web portal/web application. About the vulnerabilities in BMW ConnectedDrive The first one is a client-side cross site scripting web vulnerability that could be exploited by a remote attacker without a privileged account to inject his own malicious script codes to the client-side of the affected module context. Minimal user interaction is needed for this attack to work. “Successful exploitation of the vulnerability … More →


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/lwoZdjlOKJA/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
BMW 2 0 2 3 2 7