This vulnerability exists in Apex Softcell LD DP Back Office due to improper implementation of OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by providing arbitrary OTP value for authentication and subsequently changing its API response.
Successful exploitation of this vulnerability could allow the attacker to bypass OTP verification for other user accounts.
CVSS
No CVSS.
References
Configurations
No configuration.
History
19 Sep 2024, 07:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) This vulnerability exists in Apex Softcell LD DP Back Office due to improper implementation of OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by providing arbitrary OTP value for authentication and subsequently changing its API response. Successful exploitation of this vulnerability could allow the attacker to bypass OTP verification for other user accounts. |
19 Sep 2024, 06:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-19 06:15
Updated : 2024-09-19 07:15
NVD link : CVE-2024-47086
Mitre link : CVE-2024-47086
CVE.ORG link : CVE-2024-47086
JSON object : View
Products Affected
No product.
CWE
CWE-302
Authentication Bypass by Assumed-Immutable Data