Описание
This vulnerability exists in the Apex Softcell LD Geo due to improper validation of the transaction token ID in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating the transaction token ID in the API request leading to unauthorized access and modification of transactions belonging to other users.
Ссылки
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.0.0.7 (исключая)
cpe:2.3:a:apexsoftcell:ld_geo:*:*:*:*:*:*:*:*
Конфигурация 2Версия до 24.8.21.1 (исключая)
cpe:2.3:a:apexsoftcell:ld_dp_back_office:*:*:*:*:*:*:*:*
EPSS
Процентиль: 26%
0.00092
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-354
Связанные уязвимости
CVSS3: 6.5
github
больше 1 года назад
This vulnerability exists in the Apex Softcell LD Geo due to improper validation of the transaction token ID in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating the transaction token ID in the API request leading to unauthorized access and modification of transactions belonging to other users.
EPSS
Процентиль: 26%
0.00092
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-354