CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-36483

Authorization bypass can be achieved by session ID prediction in MASmobile Classic Android version 1.16.18 and earlier and MASmobile Classic iOS version 1.7.24 and earlier which allows remote attackers to retrieve sensitive data including customer data, security system status, and event history.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 38.7%

CVSS Severity

CVSS v3 Score 6.5

References

https://www.corporate.carrier.com/product-security/advisories-resources/
https://www.corporate.carrier.com/product-security/advisories-resources/

Products affected by CVE-2023-36483

Honeywell » Masmobile Asp.net Services » Version: 1.9

cpe:2.3:a:honeywell:masmobile_asp.net_services:1.9
Honeywell » Masmobile Classic » Version: 1.16.18

cpe:2.3:a:honeywell:masmobile_classic:1.16.18
Honeywell » Masmobile Classic » Version: 1.7.24

cpe:2.3:a:honeywell:masmobile_classic:1.7.24

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-36483

Products

Pricing

Contact Us