CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to send SCRIPT tags as injected input to the API request.

****Vendor of Product:** Transtek******Affected Product:** Mojodat FAM (Fixed Asset Management)******Affected Component:** Mobile Appicaltion******Vulnerabilities Details:** **

**_CVE ID_**

**_Version_**

**_Problem Type_**

**_Description_**

**_CVE-2022-38768_**

2.4.6

Incorrect Access Control

The mobile application allows remote attackers to bypass authorization.

**_CVE-2022-38769_**

2.4.6

Incorrect Access Control

The mobile application allows remote attackers to fetch cleartext passwords upon a successful login request.

**_CVE-2022-38770_**

2.4.6

Incorrect Access Control

The mobile application allows remote attackers to fetch other users' data upon a successful login request.

**_CVE-2022-38771_**

2.4.6

SQL Injection

The mobile application allows remote attackers to send SCRIPT tags as injected input to the API request.

Headline

CVE-2022-38771

CVE: Latest News