ByteOS Network

LD DP Back Office

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2024-47086

Assigner-Indian Computer Emergency Response Team (CERT-In)

View Details

Assigner-Indian Computer Emergency Response Team (CERT-In)

CVSS Score-8.7||HIGH

EPSS-0.28% / 50.91%

7 Day CHG~0.00%

Published-19 Sep, 2024 | 06:03

Updated-26 Sep, 2024 | 15:29

OTP Bypass Vulnerability

This vulnerability exists in Apex Softcell LD DP Back Office due to improper implementation of OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by providing arbitrary OTP value for authentication and subsequently changing its API response. Successful exploitation of this vulnerability could allow the attacker to bypass OTP verification for other user accounts.

Vendor-apexsoftcell Apex Softcell apexsoftcell

Product-ld_dp_back_office ld_geo LD DP Back Office ld_dp_back_office

CWE ID-CWE-302

Authentication Bypass by Assumed-Immutable Data

CVE-2024-47085

Assigner-Indian Computer Emergency Response Team (CERT-In)

View Details

Assigner-Indian Computer Emergency Response Team (CERT-In)

CVSS Score-8.7||HIGH

EPSS-0.14% / 34.38%

7 Day CHG~0.00%

Published-19 Sep, 2024 | 05:56

Updated-26 Sep, 2024 | 15:30

Parameter Manipulation Vulnerability

This vulnerability exists in Apex Softcell LD DP Back Office due to improper validation of certain parameters (cCdslClicentcode and cLdClientCode) in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body leading to exposure of sensitive information belonging to other users.

Vendor-apexsoftcell Apex Softcell apexsoftcell

Product-ld_dp_back_office ld_geo LD DP Back Office ld_dp_back_office

CWE ID-CWE-359

Exposure of Private Personal Information to an Unauthorized Actor