CVE-2024-47085
Parameter Manipulation Vulnerability
Severity Score
8.7
*CVSS v4
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
This vulnerability exists in LD DP Back Office due to improper validation of certain parameters “cCdslClicentcode” and “cLdClientCode” in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body leading to exposure of sensitive information belonging to other users.
This vulnerability exists in Apex Softcell LD DP Back Office due to improper validation of certain parameters (cCdslClicentcode and cLdClientCode) in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body leading to exposure of sensitive information belonging to other users.
*Credits:
This vulnerability is reported by Mohit Gadiya.
CVSS Scores
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
System
Vulnerable | Subsequent
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-09-18 CVE Reserved
- 2024-09-19 CVE Published
- 2024-09-20 CVE Updated
- 2024-09-27 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-359: Exposure of Private Personal Information to an Unauthorized Actor
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0296 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Apex Softcell Search vendor "Apex Softcell" | LD DP Back Office Search vendor "Apex Softcell" for product "LD DP Back Office" | < 24.8.21.1 Search vendor "Apex Softcell" for product "LD DP Back Office" and version " < 24.8.21.1" | en |
Affected
|