{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-47085","assignerOrgId":"66834db9-ab24-42b4-be80-296b2e40335c","state":"PUBLISHED","assignerShortName":"CERT-In","dateReserved":"2024-09-18T08:36:36.214Z","datePublished":"2024-09-19T05:56:23.460Z","dateUpdated":"2024-09-20T12:15:03.789Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"LD DP Back Office","vendor":"Apex Softcell","versions":[{"status":"affected","version":"<24.8.21.1"}]}],"credits":[{"lang":"en","type":"finder","value":"This vulnerability is reported by Mohit Gadiya."}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"This vulnerability exists in Apex Softcell LD DP Back Office due to improper validation of certain parameters (cCdslClicentcode and cLdClientCode) in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body leading to exposure of sensitive information belonging to other users."}],"value":"This vulnerability exists in Apex Softcell LD DP Back Office due to improper validation of certain parameters (cCdslClicentcode and cLdClientCode) in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body leading to exposure of sensitive information belonging to other users."}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":8.7,"baseSeverity":"HIGH","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-359","description":"CWE-359: Exposure of Private Personal Information to an Unauthorized Actor","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"66834db9-ab24-42b4-be80-296b2e40335c","shortName":"CERT-In","dateUpdated":"2024-09-20T12:15:03.789Z"},"references":[{"tags":["third-party-advisory"],"url":"https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0296"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Upgrade Apex Softcell LD DP Back Office to version 24.8.21.1<br>"}],"value":"Upgrade Apex Softcell LD DP Back Office to version 24.8.21.1"}],"source":{"discovery":"UNKNOWN"},"title":"Parameter Manipulation Vulnerability","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"affected":[{"vendor":"apexsoftcell","product":"ld_dp_back_office","cpes":["cpe:2.3:a:apexsoftcell:ld_dp_back_office:*:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","versions":[{"version":"0","status":"affected","lessThan":"24.8.21.1","versionType":"custom"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-09-19T14:22:46.182932Z","id":"CVE-2024-47085","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-19T14:23:16.598Z"}}]}}