This vulnerability exists in Apex Softcell LD DP Back Office due to improper validation of certain parameters (cCdslClicentcode and cLdClientCode) in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body leading to exposure of sensitive information belonging to other users.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XApexsoftcell Ld Dp Back Office
APPApexsoftcell< 24.8.21.1Apexsoftcell Ld Geo
APPApexsoftcell< 4.0.0.7
Related vulnerabilities
Brak ograniczeń prób logowania w Apex Softcell LD Geo — brute force OTP
This vulnerability exists in Apex Softcell LD DP Back Office due to improper implementation of OTP validation ...
This vulnerability exists in Apex Softcell LD Geo due to improper validation of the certain parameters (Client...
This vulnerability exists in the Apex Softcell LD Geo due to improper validation of the transaction token ID i...