This vulnerability exists in the Apex Softcell LD Geo due to improper validation of the transaction token ID in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating the transaction token ID in the API request leading to unauthorized access and modification of transactions belonging to other users.
History

Thu, 26 Sep 2024 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Apexsoftcell ld Dp Back Office
CPEs cpe:2.3:a:apexsoftcell:ld_dp_back_office:*:*:*:*:*:*:*:*
Vendors & Products Apexsoftcell ld Dp Back Office
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N'}


Thu, 19 Sep 2024 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Apexsoftcell
Apexsoftcell ld Geo
CPEs cpe:2.3:a:apexsoftcell:ld_geo:*:*:*:*:*:*:*:*
Vendors & Products Apexsoftcell
Apexsoftcell ld Geo
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 19 Sep 2024 06:30:00 +0000

Type Values Removed Values Added
Description This vulnerability exists in the Apex Softcell LD Geo due to improper validation of the transaction token ID in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating the transaction token ID in the API request leading to unauthorized access and modification of transactions belonging to other users.
Title Unauthorized Transaction Manipulation Vulnerability
Weaknesses CWE-354
References
Metrics cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: CERT-In

Published: 2024-09-19T06:18:33.392Z

Updated: 2024-09-19T13:45:30.139Z

Reserved: 2024-09-18T08:36:36.215Z

Link: CVE-2024-47089

cve-icon Vulnrichment

Updated: 2024-09-19T13:45:08.166Z

cve-icon NVD

Status : Analyzed

Published: 2024-09-19T07:15:02.657

Modified: 2024-09-26T19:09:44.377

Link: CVE-2024-47089

cve-icon Redhat

No data.