Back

CVE-2024-47089

Sept. 19, 2024, 7:15 a.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

Apex Softcell LD Geo

Source

vdisclose@cert-in.org.in

Tags

CWE-354
vdisclose@cert-in.org.in
2024-09-19
CVE-2024-47089

CVE-2024-47089 details

Published : Sept. 19, 2024, 7:15 a.m.
Last Modified : Sept. 19, 2024, 7:15 a.m.

Description

This vulnerability exists in the Apex Softcell LD Geo due to improper validation of the transaction token ID in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating the transaction token ID in the API request leading to unauthorized access and modification of transactions belonging to other users.

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description
CWE-354 Improper Validation of Integrity Check Value The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.

References

URL Source
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0296 vdisclose@cert-in.org.in
This website uses the NVD API, but is not approved or certified by it.