This vulnerability exists in TechExcel Back Office Software versions prior to 1.0.0 due to improper access controls on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter in the API request URL, which could lead to unauthorized access to sensitive information belonging to other users.
History

Tue, 17 Sep 2024 18:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Techexcel; Techexcel back Office Software |
| Weaknesses | | CWE-863 |
| CPEs | | cpe:2.3:a:techexcel:back_office_software:*:*:*:*:*:*:*:* |
| Vendors & Products | | Techexcel; Techexcel back Office Software |
| Metrics | | cvssV3_1: {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'} |


Mon, 09 Sep 2024 13:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Techexcel Inc.; Techexcel Inc. back Office |
| CPEs | | cpe:2.3:a:techexcel_inc.:back_office:*:*:*:*:*:*:*:* |
| Vendors & Products | | Techexcel Inc.; Techexcel Inc. back Office |
| Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Mon, 09 Sep 2024 09:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | This vulnerability exists in TechExcel Back Office Software versions prior to 1.0.0 due to improper access controls on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter in the API request URL, which could lead to unauthorized access to sensitive information belonging to other users. |
| Title | | Improper Access Control Vulnerability in TechExcel Back Office Software |
| Weaknesses | | CWE-639 |
| References | | |
| Metrics | | cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N'} |


MITRE

Status: PUBLISHED

Assigner: CERT-In

Published: 2024-09-09T09:13:24.618Z

Updated: 2024-09-09T13:11:07.617Z

Reserved: 2024-09-09T07:05:21.171Z

Link: CVE-2024-8601

Vulnrichment

Updated: 2024-09-09T13:11:03.010Z

NVD

Status: Analyzed

Published: 2024-09-09T10:15:03.027

Modified: 2024-09-17T17:54:39.767

Link: CVE-2024-8601

Redhat

No data.