Vulnerabilities > CVE-2023-3064 - Insecure Storage of Sensitive Information vulnerability in Mobatime Amxgt 100 1.3.20

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

mobatime

CWE-922

NVD

Published: 2023-06-05

Updated: 2023-06-13

Summary

Anonymous user may get the list of existing users managed by the application, that could ease further attacks (see CVE-2023-3065 and 3066)This issue affects Mobatime mobile application AMXGT100 through 1.3.20.

Vulnerable Configurations

Part	Description	Count
Application	Mobatime Mobatime Amxgt 100 - Mobatime Amxgt 100 1.3.20	2

Common Weakness Enumeration (CWE)

CWE-922 - Insecure Storage of Sensitive Information

References

https://borelenzo.github.io/stuff/2023/06/02/cve-2023-3064_65_66.html