This vulnerability exists in TechExcel Back Office Software versions prior to 1.0.0 due to improper access controls on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter through API request URL which could lead to unauthorized access to sensitive information belonging to other users.
Metrics
Affected Vendors & Products
References
History
Tue, 17 Sep 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Techexcel
Techexcel back Office Software |
|
Weaknesses | CWE-863 | |
CPEs | cpe:2.3:a:techexcel:back_office_software:*:*:*:*:*:*:*:* | |
Vendors & Products |
Techexcel
Techexcel back Office Software |
|
Metrics |
cvssV3_1
|
Mon, 09 Sep 2024 13:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Techexcel Inc.
Techexcel Inc. back Office |
|
CPEs | cpe:2.3:a:techexcel_inc.:back_office:*:*:*:*:*:*:*:* | |
Vendors & Products |
Techexcel Inc.
Techexcel Inc. back Office |
|
Metrics |
ssvc
|
Mon, 09 Sep 2024 09:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | This vulnerability exists in TechExcel Back Office Software versions prior to 1.0.0 due to improper access controls on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter through API request URL which could lead to unauthorized access to sensitive information belonging to other users. | |
Title | Improper Access Control Vulnerability in TechExcel Back Office Software | |
Weaknesses | CWE-639 | |
References |
| |
Metrics |
cvssV4_0
|
MITRE
Status: PUBLISHED
Assigner: CERT-In
Published: 2024-09-09T09:13:24.618Z
Updated: 2024-09-09T13:11:07.617Z
Reserved: 2024-09-09T07:05:21.171Z
Link: CVE-2024-8601
Vulnrichment
Updated: 2024-09-09T13:11:03.010Z
NVD
Status : Analyzed
Published: 2024-09-09T10:15:03.027
Modified: 2024-09-17T17:54:39.767
Link: CVE-2024-8601
Redhat
No data.