CVE-2023-40724

Name of the Vulnerable Software and Affected Versions QMS Automotive versions prior to V12.39

Description A vulnerability has been identified in QMS Automotive where user credentials are stored in memory as plaintext. This could allow an attacker to perform a memory dump and gain access to credentials, potentially using them for impersonation. The vulnerability is related to the storage of confidential information in unencrypted form in memory, which could be exploited by a remote attacker to reveal user credentials.

Recommendations For versions prior to V12.39, update to version V12.39 or later to resolve the issue. As a temporary workaround, consider implementing additional security measures to protect user credentials, such as encrypting sensitive data or restricting access to sensitive areas of the system.