Описание
This vulnerability exists in Apex Softcell LD DP Back Office due to improper validation of certain parameters (cCdslClicentcode and cLdClientCode) in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body leading to exposure of sensitive information belonging to other users.
Ссылки
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.0.0.7 (исключая)
cpe:2.3:a:apexsoftcell:ld_geo:*:*:*:*:*:*:*:*
Конфигурация 2Версия до 24.8.21.1 (исключая)
cpe:2.3:a:apexsoftcell:ld_dp_back_office:*:*:*:*:*:*:*:*
EPSS
Процентиль: 29%
0.00107
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-359
NVD-CWE-Other
Связанные уязвимости
CVSS3: 6.5
github
больше 1 года назад
This vulnerability exists in LD DP Back Office due to improper validation of certain parameters “cCdslClicentcode” and “cLdClientCode” in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body leading to exposure of sensitive information belonging to other users.
EPSS
Процентиль: 29%
0.00107
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-359
NVD-CWE-Other