Authorization bypass can be achieved by session ID prediction in MASmobile Classic Android  version 1.16.18 and earlier and 

MASmobile Classic iOS version 1.7.24 and earlier

which allows remote attackers to retrieve sensitive data  including customer data, security system status, and event history.

Authorization bypass can be achieved by session ID prediction in MASmobile Classic Android  version 1.16.18 and earlier and 

MASmobile Classic iOS version 1.7.24 and earlier

which allows remote attackers to retrieve sensitive data  including customer data, security system status, and event history.

OR
          *cpe:2.3:a:honeywell:masmobile_classic:*:*:*:*:*:android:*:* versions up to (including) 1.16.18
          *cpe:2.3:a:honeywell:masmobile_asp.net_services:*:*:*:*:*:*:*:* versions up to (including) 1.9
          *cpe:2.3:a:honeywell:masmobile_classic:*:*:*:*:*:iphone_os:*:* versions up to (including) 1.7.24

CVE: https://www.corporate.carrier.com/product-security/advisories-resources/ Types: Not Applicable, Vendor Advisory

Carrier Global Corporation: https://www.corporate.carrier.com/product-security/advisories-resources/ Types: Not Applicable, Vendor Advisory

https://www.corporate.carrier.com/product-security/advisories-resources/

Carrier Global Corporation unsupported-when-assigned

An authorization bypass was discovered in the Carrier MASmobile Classic application through 1.16.18 for Android, MASmobile Classic app through 1.7.24 for iOS, and MAS ASP.Net Services through 1.9. It can be achieved via session ID prediction, allowing remote attackers to retrieve sensitive data including customer data, security system status, and event history. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. The affected products cannot simply be updated; they must be removed, but can be replaced by other Carrier software as explained in the Carrier advisory.

Authorization bypass can be achieved by session ID prediction in MASmobile Classic Android  version 1.16.18 and earlier and 

MASmobile Classic iOS version 1.7.24 and earlier

which allows remote attackers to retrieve sensitive data  including customer data, security system status, and event history.

Carrier Global Corporation AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Carrier Global Corporation CWE-639

Carrier Global Corporation https://www.corporate.carrier.com/product-security/advisories-resources/ [No types assigned]

Carrier Global Corporation https://www.corporate.carrier.com/Images/CARR-PSA-MASMobile%20Classic%20Authorization%20Bypass-012-0623_tcm558-203964.pdf

Carrier Global Corporation unsupported-when-assigned

An authorization bypass was discovered in the Carrier MASmobile Classic application through 1.16.18 for Android, MASmobile Classic app through 1.7.24 for iOS, and MAS ASP.Net Services through 1.9. It can be achieved via session ID prediction, allowing remote attackers to retrieve sensitive data including customer data, security system status, and event history. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. The affected products cannot simply be updated; they must be removed, but can be replaced by other Carrier software as explained in the Carrier advisory.

Carrier Global Corporation https://www.corporate.carrier.com/Images/CARR-PSA-MASMobile%20Classic%20Authorization%20Bypass-012-0623_tcm558-203964.pdf [No types assigned]