CVE-2023-47393
MEDIUMMercedes me < 1.34.0 - Unauthorized Access to Sensitive User Information
Title source: llmDescription
An access control issue in Mercedes me IOS APP v1.34.0 and below allows attackers to view the maintenance orders of other users and access sensitive user information via unspecified vectors.
References (1)
Core 1
Core References
Third Party Advisory
https://gist.github.com/wwwziziyu/7dbf7fd43f9e304ce0819f8a9784d2c6
Scores
CVSS v3
5.3
EPSS
0.0050
EPSS Percentile
39.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-200
Status
published
Products (1)
mercedes-benz/mercedes_me
< 1.34.0
Published
Nov 22, 2023
Tracked Since
Feb 18, 2026