Session Hijacking Vulnerability in QMS Automotive (All versions < V12.39)

Session Hijacking Vulnerability in QMS Automotive (All versions < V12.39)

CVE-2023-40732 · LOW Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application does not invalidate the session token on logout. This could allow an attacker to perform session hijacking attacks.

Learn more about our Automotive Penetration Testing.