Lucene search

CERT-InVULNRICHMENT:CVE-2024-47087

HistorySep 19, 2024 - 6:08 a.m.

CVE-2024-47087 Information Disclosure Vulnerability

2024-09-1906:08:46

CWE-359

CERT-In

github.com

vulnerability

information disclosure

apex softcell ld geo

authentication

api

sensitive information

CVSS4

8.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:L/VI:N/SI:N/VA:N/SA:N

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

18.8%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

This vulnerability exists in Apex Softcell LD Geo due to improper validation of the certain parameters (Client ID, DPID or BOID) in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body leading to exposure of sensitive information belonging to other users.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:apexsoftcell:ld_geo:*:*:*:*:*:*:*:*"
    ],
    "vendor": "apexsoftcell",
    "product": "ld_geo",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "4.0.0.7",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0296

CVSS4

8.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:L/VI:N/SI:N/VA:N/SA:N

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

18.8%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-47087