Insecure Storage of Sensitive Data in QMS.Mobile Module (All versions < V12.39)

Insecure Storage of Sensitive Data in QMS.Mobile Module (All versions < V12.39)

CVE-2023-40728 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application stores sensitive application data in an external insecure storage. This could allow an attacker to alter content, leading to arbitrary code execution or denial-of-service condition.

Learn more about our Automotive Penetration Testing.