
CVE-2024-8601 Improper Access Control Vulnerability in TechExcel Back Office Software

2024-09-09 09:13:24
CWE-639
CERT-In
www.cve.org
vulnerability
access control
techexcel software

CVSS4: 8.7
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:L/VI:N/SI:N/VA:N/SA:N

EPSS: 0.001
Percentile: 18.8%

This vulnerability exists in TechExcel Back Office Software versions prior to 1.0.0 due to improper access controls on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter in the API request URL, which could lead to unauthorized access to sensitive information belonging to other users.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Back Office Software",
    "vendor": "TechExcel Software Solutions",
    "versions": [
      {
        "status": "affected",
        "version": "<1.0.0"
      }
    ]
  }
]
