This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The cveform.mitre.org "Vulnerability Type" field was set to:
Incorrect Access Control

The cveform.mitre.org "Affected Component" field was set to:
Sensitive information can lead to the full set of Enterprise WeChat data being obtained, to file acquisition, and to the use of an Enterprise WeChat light application to send phishing files and links to internal personnel.
Vulnerability description: The Mercedes me iOS app allows shopping cart orders to be added and shopping cart contents to be queried beyond the caller's authority.
An attacker can bypass the app's authentication mechanism by constructing a specific request to add shopping cart orders and query the contents of the cart as another user.
Since these operations are normally subject to strict authentication, such an authorization bypass can lead to serious security issues.
In addition, since the shopping cart may contain the user's personal information and sensitive data, an unauthorized query may disclose the user's private data.
At the same time, the attacker can also learn the user's shopping habits and preferences in this way, and go on to conduct targeted fraud.

---------------------------------------------------
Affected version: app version <=1.34.0
----------------------------------------------------
Mercedes me iOS app: unauthorized access to booked maintenance orders
Affected version: app version <=1.34.0
Test tool: iPhone 13 Pro, iOS 16.6.1 + Yakit 1.2.7
Vulnerability URL :
Other users' orders can be viewed by iterating over odd-numbered order IDs.
Order information includes the 4S shop (dealer), the owner's phone number, name, vehicle model, date and other details.
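The order-ID traversal above is an insecure direct object reference: the endpoint trusts the client-supplied ID and never checks that the authenticated caller owns the record. The following is an added example, not code from the reports or from the vendor, showing the vulnerable lookup beside a hardened one that enforces ownership, and a small log heuristic that flags callers who are denied on many distinct neighbouring IDs. Every name, record, endpoint path and log line here is constructed for illustration.

```python
# Added example, not code from the original reports: an order-lookup service
# with the object-level authorization check whose absence the reports
# describe, plus a small log heuristic for spotting sequential-ID probing.
# Every name, endpoint and record here is constructed for illustration.
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Order:
    order_id: int
    owner_id: str       # account that booked the maintenance appointment
    dealer: str         # the "4S shop" in the report's wording
    owner_phone: str
    owner_name: str
    model: str
    date: str


# Constructed records with sequential odd IDs, the pattern the report says
# could be walked to read other customers' bookings.
ORDERS = {
    1001: Order(1001, "user-a", "4S shop North", "+10000000001", "A. Example", "Model X", "2023-09-01"),
    1003: Order(1003, "user-b", "4S shop South", "+10000000002", "B. Example", "Model Y", "2023-09-02"),
}


class OrderNotFound(Exception):
    """Raised for both missing and foreign orders (see get_order)."""


def get_order_vulnerable(order_id: int) -> Optional[Order]:
    """The broken pattern: the handler trusts the client-supplied ID alone,
    so any authenticated caller can read any order."""
    return ORDERS.get(order_id)


def get_order(order_id: int, caller_id: str) -> Order:
    """Hardened lookup: the record is returned only if the authenticated
    caller owns it. Missing and foreign orders get the same error so the
    response does not reveal which IDs exist."""
    order = ORDERS.get(order_id)
    if order is None or order.owner_id != caller_id:
        raise OrderNotFound(f"no order {order_id} for caller {caller_id}")
    return order


def can_read(order_id: int, caller_id: str) -> bool:
    """Boolean wrapper around get_order, convenient for policy tests."""
    try:
        get_order(order_id, caller_id)
        return True
    except OrderNotFound:
        return False


# Constructed access-log lines: "<caller> <method> <path> <status>".
ACCESS_LOG = """\
user-a GET /orders/1001 200
user-b GET /orders/1003 200
user-b GET /orders/1001 404
user-b GET /orders/1005 404
user-b GET /orders/1007 404
user-b GET /orders/1009 404
user-c GET /orders/1011 404
""".splitlines()

LOG_RE = re.compile(r"^(?P<caller>\S+) (?P<method>\S+) /orders/(?P<oid>\d+) (?P<status>\d{3})$")


def flag_enumerators(log_lines, threshold: int = 3):
    """Return callers denied on at least `threshold` distinct order IDs: one
    stray 404 is normal, a run of them across neighbouring IDs is what ID
    traversal looks like once the ownership check is in place."""
    denied = defaultdict(set)
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        if m["status"] != "200":
            denied[m["caller"]].add(int(m["oid"]))
    return sorted(c for c, ids in denied.items() if len(ids) >= threshold)


if __name__ == "__main__":
    print("vulnerable lookup leaks:", get_order_vulnerable(1003).owner_phone)
    print("hardened lookup, owner:", get_order(1003, "user-b").owner_name)
    print("hardened lookup, other user:", can_read(1003, "user-a"))
    print("suspected enumerators:", flag_enumerators(ACCESS_LOG))
```

The ownership check belongs in the data-access layer, not in the client, because the report's test setup (an intercepting proxy such as Yakit) shows that anything the app sends can be rewritten. Returning the same "not found" for missing and foreign orders keeps the endpoint from acting as an existence oracle; replacing sequential order IDs with random identifiers further raises the cost of traversal, but is a complement to the check, not a substitute for it.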