{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-47085", "assignerOrgId": "66834db9-ab24-42b4-be80-296b2e40335c", "state": "PUBLISHED", "assignerShortName": "CERT-In", "dateReserved": "2024-09-18T08:36:36.214Z", "datePublished": "2024-09-19T05:56:23.460Z", "dateUpdated": "2024-09-19T14:23:16.598Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "LD DP Back Office", "vendor": "Apex Softcell", "versions": [{"status": "affected", "version": "<24.8.21.1"}]}], "credits": [{"lang": "en", "type": "finder", "value": "This vulnerability is reported by Mohit Gadiya."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "This vulnerability exists in Apex Softcell LD DP Back Office due to improper validation of certain parameters \u201ccCdslClicentcode\u201d and \u201ccLdClientCode\u201d in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body leading to exposure of sensitive information belonging to other users."}], "value": "This vulnerability exists in Apex Softcell LD DP Back Office due to improper validation of certain parameters \u201ccCdslClicentcode\u201d and \u201ccLdClientCode\u201d in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body leading to exposure of sensitive information belonging to other users."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-359", "description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "66834db9-ab24-42b4-be80-296b2e40335c", "shortName": "CERT-In", "dateUpdated": "2024-09-19T06:21:05.655Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0296"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Upgrade Apex Softcell LD DP Back Office to version 24.8.21.1<br>"}], "value": "Upgrade Apex Softcell LD DP Back Office to version 24.8.21.1"}], "source": {"discovery": "UNKNOWN"}, "title": "Parameter Manipulation Vulnerability", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "apexsoftcell", "product": "ld_dp_back_office", "cpes": ["cpe:2.3:a:apexsoftcell:ld_dp_back_office:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThan": "24.8.21.1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-19T14:22:46.182932Z", "id": "CVE-2024-47085", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-19T14:23:16.598Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-47085", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-19T14:22:46.182932Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:apexsoftcell:ld_dp_back_office:*:*:*:*:*:*:*:*"], "vendor": "apexsoftcell", "product": "ld_dp_back_office", "versions": [{"status": "affected", "version": "0", "lessThan": "24.8.21.1", "versionType": "custom"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-19T14:23:13.090Z"}}], "cna": {"title": "Parameter Manipulation Vulnerability", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "This vulnerability is reported by Mohit Gadiya."}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Apex Softcell", "product": "LD DP Back Office", "versions": [{"status": "affected", "version": "<24.8.21.1"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade Apex Softcell LD DP Back Office to version 24.8.21.1", "supportingMedia": [{"type": "text/html", "value": "Upgrade Apex Softcell LD DP Back Office to version 24.8.21.1<br>", "base64": false}]}], "references": [{"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0296", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "This vulnerability exists in Apex Softcell LD DP Back Office due to improper validation of certain parameters \u201ccCdslClicentcode\u201d and \u201ccLdClientCode\u201d in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body leading to exposure of sensitive information belonging to other users.", "supportingMedia": [{"type": "text/html", "value": "This vulnerability exists in Apex Softcell LD DP Back Office due to improper validation of certain parameters \u201ccCdslClicentcode\u201d and \u201ccLdClientCode\u201d in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body leading to exposure of sensitive information belonging to other users.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-359", "description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "66834db9-ab24-42b4-be80-296b2e40335c", "shortName": "CERT-In", "dateUpdated": "2024-09-19T06:21:05.655Z"}}}, "cveMetadata": {"cveId": "CVE-2024-47085", "state": "PUBLISHED", "dateUpdated": "2024-09-19T14:23:16.598Z", "dateReserved": "2024-09-18T08:36:36.214Z", "assignerOrgId": "66834db9-ab24-42b4-be80-296b2e40335c", "datePublished": "2024-09-19T05:56:23.460Z", "assignerShortName": "CERT-In"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "This vulnerability exists in Apex Softcell LD DP Back Office due to improper validation of certain parameters \u201ccCdslClicentcode\u201d and \u201ccLdClientCode\u201d in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body leading to exposure of sensitive information belonging to other users."}], "id": "CVE-2024-47085", "lastModified": "2024-09-19T07:15:02.050", "metrics": {"cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "LOW", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "NONE", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "NONE"}, "source": "vdisclose@cert-in.org.in", "type": "Secondary"}]}, "published": "2024-09-19T06:15:02.960", "references": [{"source": "vdisclose@cert-in.org.in", "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0296"}], "sourceIdentifier": "vdisclose@cert-in.org.in", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-359"}], "source": "vdisclose@cert-in.org.in", "type": "Primary"}]}

{}