CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3066 – Mobatime mobile application - Broken authorisation
https://notcve.org/view.php?id=CVE-2023-3066
Incorrect Authorization vulnerability in Mobatime mobile application AMXGT100 allows a low-privileged user to impersonate anyone else, including administratorsThis issue affects Mobatime mobile application AMXGT100: through 1.3.20. • https://borelenzo.github.io/stuff/2023/06/02/cve-2023-3064_65_66.html • CWE-639: Authorization Bypass Through User-Controlled Key CWE-863: Incorrect Authorization •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3065 – Mobatime mobile application - Authentication bypass
https://notcve.org/view.php?id=CVE-2023-3065
Improper Authentication vulnerability in Mobatime mobile application AMXGT100 allows Authentication Bypass.This issue affects Mobatime mobile application AMXGT100 through 1.3.20. • https://borelenzo.github.io/stuff/2023/06/02/cve-2023-3064_65_66.html • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3064 – Mobatime mobile application - Sensitive information disclosure
https://notcve.org/view.php?id=CVE-2023-3064
Anonymous user may get the list of existing users managed by the application, that could ease further attacks (see CVE-2023-3065 and 3066)This issue affects Mobatime mobile application AMXGT100 through 1.3.20. • https://borelenzo.github.io/stuff/2023/06/02/cve-2023-3064_65_66.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-922: Insecure Storage of Sensitive Information •