216.73.217.50

CVE-2024-47089

· Published 19/09/2024 07:15 · Modified 26/09/2024 19:09

Labels: CVE-2024-47089 2024-09-19CVE-2024-47089CWE-354[email protected]

Essential information

Published
19/09/2024 07:15
Modified
26/09/2024 19:09
Author
Creator
CVSS
6.5 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CVSS metrics

Description

This vulnerability exists in the Apex Softcell LD Geo due to improper validation of the transaction token ID in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating the transaction token ID in the API request leading to unauthorized access and modification of transactions belonging to other users.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
apexsoftcell / ld geo cpe:2.3:a:apexsoftcell:ld_geo:*:*:*:*:*:*:*:*
apexsoftcell / ld dp back office cpe:2.3:a:apexsoftcell:ld_dp_back_office:*:*:*:*:*:*:*:*

References