Lucene search

CERT-InCVELIST:CVE-2024-47087

HistorySep 19, 2024 - 6:08 a.m.

CVE-2024-47087 Information Disclosure Vulnerability

2024-09-1906:08:46

CWE-359

CERT-In

www.cve.org

cve-2024-47087; information disclosure; apex softcell ld geo; api endpoint; remote attacker; sensitive information

CVSS4

8.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:L/VI:N/SI:N/VA:N/SA:N

EPSS

0.001

Percentile

18.8%

JSON

This vulnerability exists in Apex Softcell LD Geo due to improper validation of the certain parameters (Client ID, DPID or BOID) in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body leading to exposure of sensitive information belonging to other users.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "LD Geo",
    "vendor": "Apex Softcell",
    "versions": [
      {
        "status": "affected",
        "version": "<4.0.0.7"
      }
    ]
  }
]

References

www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0296

CVSS4

8.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:L/VI:N/SI:N/VA:N/SA:N

EPSS

0.001

Percentile

18.8%

JSON

Related for CVELIST:CVE-2024-47087