CVE-2024-47089

EPSS 0.06%
Veröffentlicht 19.09.2024 07:15:02
Zuletzt bearbeitet 26.09.2024 19:09:44
Quelle vdisclose@cert-in.org.in
Teams Watchlist Login
Unerledigt Login

This vulnerability exists in the Apex Softcell LD Geo due to improper validation of the transaction token ID in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating the transaction token ID in the API request leading to unauthorized access and modification of transactions belonging to other users.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apexsoftcell ≫ Ld Geo Version < 4.0.0.7

Apexsoftcell ≫ Ld Dp Back Office Version < 24.8.21.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.201

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
vdisclose@cert-in.org.in	8.7	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-354 Improper Validation of Integrity Check Value

The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0296

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-47089

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-47089

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-47089

EUVD