CVE-2024-47086
Published 2024-09-19
Priority: P3 | 44 | medium | 6.5 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:N / A:N
EPSS: 0.47% (37.4th percentile)
This vulnerability exists in Apex Softcell LD DP Back Office due to improper implementation of OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by providing arbitrary OTP value for authentication and subsequently changing its API response.
Successful exploitation of this vulnerability could allow the attacker to bypass OTP verification for other user accounts.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apex_softcell | ld_dp_back_office | — | — |
| apexsoftcell | ld_dp_back_office | < 24.8.21.1 | 24.8.21.1 |
| apexsoftcell | ld_geo | < 4.0.0.7 | 4.0.0.7 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| nvd | v4.0 | 8.7 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-09-19: Published