CVE-2023-40725
First published: Tue Sep 12 2023(Updated: )
A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application returns inconsistent error messages in response to invalid user credentials during login session. This allows an attacker to enumerate usernames, and identify valid usernames.
Credit: productcert@siemens.com productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens Qms Automotive | <12.39 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2023-40725.
What is the affected software for this vulnerability?
The affected software for this vulnerability is QMS Automotive versions less than V12.39.
What is the severity level of this vulnerability?
The severity level of this vulnerability is medium.
What is the CWE category for this vulnerability?
The CWE category for this vulnerability is CWE-209.
How can I fix this vulnerability?
To fix this vulnerability, update your QMS Automotive software to version V12.39 or above.
- collector/nvd-api
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/siemens
- canonical/siemens qms automotive