CVE-2023-47392

An access control issue in Mercedes me IOS APP v1.34.0 and below allows attackers to view the carts of other users via sending a crafted add order request.
Configurations

Configuration 1 (hide)

cpe:2.3:a:mercedes-benz:mercedes_me:*:*:*:*:*:iphone_os:*:*

History

21 Nov 2024, 08:30

Type Values Removed Values Added
References () https://gist.github.com/wwwziziyu/d0ae135b8075f6db735d75135254e7a1 - Third Party Advisory () https://gist.github.com/wwwziziyu/d0ae135b8075f6db735d75135254e7a1 - Third Party Advisory

29 Aug 2024, 20:35

Type Values Removed Values Added
CWE CWE-200

29 Nov 2023, 18:03

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.3
CWE NVD-CWE-noinfo
First Time Mercedes-benz mercedes Me
Mercedes-benz
CPE cpe:2.3:a:mercedes-benz:mercedes_me:*:*:*:*:*:iphone_os:*:*
References () https://gist.github.com/wwwziziyu/d0ae135b8075f6db735d75135254e7a1 - () https://gist.github.com/wwwziziyu/d0ae135b8075f6db735d75135254e7a1 - Third Party Advisory

22 Nov 2023, 07:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-11-22 07:15

Updated : 2024-11-21 08:30


NVD link : CVE-2023-47392

Mitre link : CVE-2023-47392

CVE.ORG link : CVE-2023-47392


JSON object : View

Products Affected

mercedes-benz

  • mercedes_me
CWE
NVD-CWE-noinfo CWE-200

Exposure of Sensitive Information to an Unauthorized Actor