← voltar
CVE-2023-36483

MAS (a Carrier brand) MASmobile Classic Authorization Bypass

CVSS 6.5 MEDIUMEPSS 0.5%CWE-639
Authorization bypass can be achieved by session ID prediction in MASmobile Classic Android  version 1.16.18 and earlier and MASmobile Classic iOS version 1.7.24 and earlier which allows remote attackers to retrieve sensitive data  including customer data, security system status, and event history.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Produtos afetados
MAS (a Carrier brand) · MAS ASP.Net ServicesMAS (a Carrier brand) · MASmobile Classic

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.corporate.carrier.com/product-security/advisories-resources/