HIGH🇬🇧 English

CVE-2024-47089

CVSS 8.7v4.0pub. 2024-09-19upd. 2024-09-26

This vulnerability exists in the Apex Softcell LD Geo due to improper validation of the transaction token ID in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating the transaction token ID in the API request leading to unauthorized access and modification of transactions belonging to other users.

oryginał EN
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Apexsoftcell Ld Dp Back Office

    APP
    Apexsoftcell
    < 24.8.21.1
  • Apexsoftcell Ld Geo

    APP
    Apexsoftcell
    < 4.0.0.7
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2024-47088CRITICAL9.3PL ✓ten sam produkt

Brak ograniczeń prób logowania w Apex Softcell LD Geo — brute force OTP

CVE-2024-47085HIGH8.7ten sam produkt

This vulnerability exists in Apex Softcell LD DP Back Office due to improper validation of certain parameters ...

CVE-2024-47086HIGH8.7ten sam produkt

This vulnerability exists in Apex Softcell LD DP Back Office due to improper implementation of OTP validation ...

CVE-2024-47087HIGH8.7ten sam produkt

This vulnerability exists in Apex Softcell LD Geo due to improper validation of the certain parameters (Client...

CVE-2024-47089 — HIGH 8.7 | CVEbaza.pl