CVE-2024-47086 · CVEKit

cve.orgen

433 chars

This vulnerability exists in Apex Softcell LD DP Back Office due to improper implementation of OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by providing arbitrary OTP value for authentication and subsequently changing its API response. Successful exploitation of this vulnerability could allow the attacker to bypass OTP verification for other user accounts.

NVDen

433 chars

This vulnerability exists in Apex Softcell LD DP Back Office due to improper implementation of OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by providing arbitrary OTP value for authentication and subsequently changing its API response. Successful exploitation of this vulnerability could allow the attacker to bypass OTP verification for other user accounts.

NVDes

474 chars

Esta vulnerabilidad existe en Apex Softcell LD DP Back Office debido a la implementación incorrecta del mecanismo de validación OTP en ciertos endpoints de API. Un atacante remoto autenticado podría aprovechar esta vulnerabilidad proporcionando un valor OTP arbitrario para la autenticación y, posteriormente, modificando su respuesta de API. La explotación exitosa de esta vulnerabilidad podría permitir al atacante eludir la verificación OTP para otras cuentas de usuario.

CVSS metrics across sources

3

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
4.0	Primary	cve.org	8.7	—	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N