5 matches found
CVE-2024-47089
Affected software: Apex Softcell LD Geo. Vulnerability: Improper validation of the transaction token ID in the API endpoint, enabling an authenticated remote attacker to manipulate the token ID and access/modify transactions belonging to other users. Impact: Unauthorized access and modification o...
CVE-2024-47086
Apex Softcell LD DP Back Office is affected by CVE-2024-47086 due to improper OTP validation in certain API endpoints. The vulnerability allows an authenticated remote attacker to supply arbitrary OTP values, potentially bypassing OTP verification for other user accounts and altering API response...
CVE-2024-47088
CVE-2024-47088 affects Apex Softcell LD Geo and stems from missing restrictions on excessive failed authentication attempts via its API login, enabling brute-force attempts on login OTP. Public sources (NVD/Red Hat/CVE List) describe a high-severity impact (unauthorized access possible; CVSS scor...
CVE-2024-47087
CVE-2024-47087 affects Apex Softcell LD Geo. The vulnerability is caused by improper validation of parameters in the API endpoint (e.g., Client ID, DPID, BOID) within the application, enabling an authenticated remote attacker to manipulate API request body parameters and cause exposure of sensiti...
CVE-2024-47085
The CVE-2024-47085 vulnerability affects Apex Softcell LD DP Back Office, arising from improper validation of API parameters cCdslClicentcode and cLdClientCode in the API endpoint. An authenticated remote attacker could manipulate request body parameters to expose sensitive information from other...