First published: Tue Sep 12 2023
A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application does not invalidate the session token on logout. This could allow an attacker to perform session hijacking attacks.
Credit: productcert@siemens.com
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens QMS Automotive | <12.39 | Update to version 12.39 or higher |
The severity of CVE-2023-40732 is low.
CVE-2023-40732 affects QMS Automotive (All versions < V12.39).
CVE-2023-40732 allows an attacker to perform session hijacking attacks because the QMS.Mobile module of the affected application does not invalidate the session token on logout.
To fix CVE-2023-40732, update the affected QMS Automotive software to version 12.39 or higher.
More information about CVE-2023-40732 can be found at the following reference: https://cert-portal.siemens.com/productcert/pdf/ssa-147266.pdf