This vulnerability exists in the Apex Softcell LD Geo due to improper validation of the transaction token ID in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating the transaction token ID in the API request leading to unauthorized access and modification of transactions belonging to other users.
Metrics
Affected Vendors & Products
References
History
Thu, 19 Sep 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Apexsoftcell
Apexsoftcell ld Geo |
|
CPEs | cpe:2.3:a:apexsoftcell:ld_geo:*:*:*:*:*:*:*:* | |
Vendors & Products |
Apexsoftcell
Apexsoftcell ld Geo |
|
Metrics |
ssvc
|
Thu, 19 Sep 2024 06:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | This vulnerability exists in the Apex Softcell LD Geo due to improper validation of the transaction token ID in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating the transaction token ID in the API request leading to unauthorized access and modification of transactions belonging to other users. | |
Title | Unauthorized Transaction Manipulation Vulnerability | |
Weaknesses | CWE-354 | |
References |
| |
Metrics |
cvssV4_0
|
MITRE
Status: PUBLISHED
Assigner: CERT-In
Published: 2024-09-19T06:18:33.392Z
Updated: 2024-09-19T13:45:30.139Z
Reserved: 2024-09-18T08:36:36.215Z
Link: CVE-2024-47089
Vulnrichment
Updated: 2024-09-19T13:45:08.166Z
NVD
Status : Received
Published: 2024-09-19T07:15:02.657
Modified: 2024-09-19T07:15:02.657
Link: CVE-2024-47089
Redhat
No data.