cbcvebase.

Apexsoftcell Ld Dp Back Office vulnerabilities

5 known vulnerabilities affecting apexsoftcell/ld_dp_back_office.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM4

Vulnerabilities

Page 1 of 1
CVE-2024-47088P2CRITICALCVSS 9.8fixed in 24.8.21.12024-09-19
CVE-2024-47088 [CRITICAL] CWE-307 CVE-2024-47088: This vulnerability exists in Apex Softcell LD Geo due to missing restrictions for excessive failed a This vulnerability exists in Apex Softcell LD Geo due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack on login OTP, which could lead to gain unauthorized access to other user accounts.
nvd
CVE-2024-47086P3MEDIUMCVSS 6.5fixed in 24.8.21.12024-09-19
CVE-2024-47086 [MEDIUM] CWE-302 CVE-2024-47086: This vulnerability exists in Apex Softcell LD DP Back Office due to improper implementation of OTP v This vulnerability exists in Apex Softcell LD DP Back Office due to improper implementation of OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by providing arbitrary OTP value for authentication and subsequently changing its API response. Successful exploitation of this vulnerabil
nvd
CVE-2024-47085P3MEDIUMCVSS 6.5fixed in 24.8.21.12024-09-19
CVE-2024-47085 [MEDIUM] CWE-359 CVE-2024-47085: This vulnerability exists in Apex Softcell LD DP Back Office due to improper validation of certain p This vulnerability exists in Apex Softcell LD DP Back Office due to improper validation of certain parameters (cCdslClicentcode and cLdClientCode) in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body leading to exposure of sensitive information belonging to other us
nvd
CVE-2024-47089P3MEDIUMCVSS 6.5fixed in 24.8.21.12024-09-19
CVE-2024-47089 [MEDIUM] CWE-354 CVE-2024-47089: This vulnerability exists in the Apex Softcell LD Geo due to improper validation of the transaction This vulnerability exists in the Apex Softcell LD Geo due to improper validation of the transaction token ID in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating the transaction token ID in the API request leading to unauthorized access and modification of transactions belonging to other users.
nvd
CVE-2024-47087P3MEDIUMCVSS 6.5fixed in 24.8.21.12024-09-19
CVE-2024-47087 [MEDIUM] CWE-359 CVE-2024-47087: This vulnerability exists in Apex Softcell LD Geo due to improper validation of the certain paramete This vulnerability exists in Apex Softcell LD Geo due to improper validation of the certain parameters (Client ID, DPID or BOID) in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body leading to exposure of sensitive information belonging to other users.
nvd
Apexsoftcell Ld Dp Back Office vulnerabilities | cvebase