CVE-2025-2407
- EPSS 0.07%
- Veröffentlicht 27.05.2025 07:52:40
- Zuletzt bearbeitet 28.05.2025 15:01:30
Missing Authentication & Authorization in Web-API in Mobatime AMX MTAPI v6 on IIS allows adversaries to unrestricted access via the network. The vulnerability is fixed in Version 1.5.
CVE-2023-3064
- EPSS 0.11%
- Veröffentlicht 05.06.2023 09:15:09
- Zuletzt bearbeitet 21.11.2024 08:16:21
Anonymous user may get the list of existing users managed by the application, that could ease further attacks (see CVE-2023-3065 and 3066)This issue affects Mobatime mobile application AMXGT100 through 1.3.20.
CVE-2023-3065
- EPSS 0.06%
- Veröffentlicht 05.06.2023 09:15:09
- Zuletzt bearbeitet 21.11.2024 08:16:21
Improper Authentication vulnerability in Mobatime mobile application AMXGT100 allows Authentication Bypass.This issue affects Mobatime mobile application AMXGT100 through 1.3.20.
CVE-2023-3066
- EPSS 0.09%
- Veröffentlicht 05.06.2023 09:15:09
- Zuletzt bearbeitet 21.11.2024 08:16:22
Incorrect Authorization vulnerability in Mobatime mobile application AMXGT100 allows a low-privileged user to impersonate anyone else, including administratorsThis issue affects Mobatime mobile application AMXGT100: through 1.3.20.