Vendor of Product: Transtek

Affected Product: Mojodat FAM (Fixed Asset Management)

Affected Component: Mobile Application

Vulnerability Details:

| CVE ID | Version | Problem Type | Description | Discoverer |
| --- | --- | --- | --- | --- |
| CVE-2022-38768 | 2.4.6 | Incorrect Access Control | The mobile application allows remote attackers to bypass authorization. | Cybersecurity team of the ministry of energy MoEnergy. |
| CVE-2022-38769 | 2.4.6 | Incorrect Access Control | The mobile application allows remote attackers to fetch cleartext passwords upon a successful login request. | Cybersecurity team of the ministry of energy MoEnergy. |
| CVE-2022-38770 | 2.4.6 | Incorrect Access Control | The mobile application allows remote attackers to fetch other users' data upon a successful login request. | Cybersecurity team of the ministry of energy MoEnergy. |
| CVE-2022-38771 | 2.4.6 | SQL Injection | The mobile application allows remote attackers to send SCRIPT tags as injected input to the API request. | Cybersecurity team of the ministry of energy MoEnergy. |