HIGH🇵🇱 Wersja polska

CVE-2024-47086

CVSS 8.7v4.0pub. 2024-09-19upd. 2024-09-26

This vulnerability exists in Apex Softcell LD DP Back Office due to improper implementation of OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by providing arbitrary OTP value for authentication and subsequently changing its API response. Successful exploitation of this vulnerability could allow the attacker to bypass OTP verification for other user accounts.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Apexsoftcell Ld Dp Back Office

    APP
    Apexsoftcell
    < 24.8.21.1
  • Apexsoftcell Ld Geo

    APP
    Apexsoftcell
    < 4.0.0.7
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-47088CRITICAL9.3PL ✓ten sam produkt

Brak ograniczeń prób logowania w Apex Softcell LD Geo — brute force OTP

CVE-2024-47085HIGH8.7ten sam produkt

This vulnerability exists in Apex Softcell LD DP Back Office due to improper validation of certain parameters ...

CVE-2024-47087HIGH8.7ten sam produkt

This vulnerability exists in Apex Softcell LD Geo due to improper validation of the certain parameters (Client...

CVE-2024-47089HIGH8.7ten sam produkt

This vulnerability exists in the Apex Softcell LD Geo due to improper validation of the transaction token ID i...