CVE-2023-40732 LOW

Vendor: Siemens
Product: QMS Automotive
Weakness: CWE-613 · Insufficient session expiration
Published: September 12, 2023
Last update: February 27, 2025

CVSS base score

3.9/10
Attack vector: Local
Attack complexity: Low
Privileges required: Low
User interaction: Required
Confidentiality: Low
Integrity: Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C

What the vulnerability does

01 Description

A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application does not invalidate the session token on logout. This could allow an attacker to perform session hijacking attacks.

Key dates

02 Disclosure timeline

September 12, 2023: CVE published
February 27, 2025: Record updated