Session Hijacking Vulnerability in QMS Automotive (All versions < V12.39)
CVE-2023-40732 · LOW Severity
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application does not invalidate the session token on logout. This could allow an attacker to perform session hijacking attacks.
Learn more about our Automotive Penetration Testing.