CVE-2023-40732

Name of the Vulnerable Software and Affected Versions QMS Automotive versions prior to V12.39

Description The issue is related to the QMS.Mobile module of the QMS Automotive software, which does not properly invalidate session tokens upon logout. This could allow an attacker to perform session hijacking attacks, potentially giving them access to sensitive information or control over the affected system.

Recommendations For versions prior to V12.39, update to version V12.39 or later to resolve the issue. As a temporary workaround, consider implementing additional security measures to monitor and invalidate session tokens manually until a patch is applied. Restrict access to the QMS.Mobile module to minimize the risk of exploitation. Avoid using the affected module until the issue is resolved.