CERT-In Vulnerability Note
CIVN-2024-0285
Improper Access Control Vulnerability in TechExcel Back Office Software
Original Issue Date: September 09, 2024
Severity Rating: HIGH
Component Affected
- TechExcel Back Office Software versions prior to 1.0.0
Overview
A vulnerability has been reported in TechExcel Back Office Software, which could allow an authenticated remote attacker to gain unauthorized access to sensitive information of other user accounts.
Description
This vulnerability exists in TechExcel Back Office Software due to improper access controls on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter in the API request URL, which could lead to unauthorized access to sensitive information belonging to other users.
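The access-control failure described above, shown as an added illustration that is not TechExcel's code and not part of the CERT-In note: a handler that trusts the account identifier in the request URL, beside one that checks it against the authenticated session. The route shape, the `client_id` parameter, the function names and the sample records are assumptions; the advisory does not name the affected endpoints or parameter.

```python
from urllib.parse import urlparse, parse_qs

# Constructed sample data; not taken from the affected product.
LEDGERS = {
    "C1001": {"owner": "C1001", "balance": "12500.00"},
    "C1002": {"owner": "C1002", "balance": "98000.00"},
}
SESSIONS = {"tok-alice": "C1001", "tok-bob": "C1002"}  # session token -> account


def _requested_id(url):
    """Extract the hypothetical client_id query parameter from the URL."""
    values = parse_qs(urlparse(url).query).get("client_id", [])
    # Reject missing or repeated parameters rather than guessing which to use.
    return values[0] if len(values) == 1 else None


def get_ledger_vulnerable(token, url):
    """Authenticates the caller but never checks whose record is requested."""
    if token not in SESSIONS:
        return 401, None
    record = LEDGERS.get(_requested_id(url))
    return (200, record) if record else (404, None)


def get_ledger_hardened(token, url):
    """Object-level authorization: the record must belong to the session."""
    account = SESSIONS.get(token)
    if account is None:
        return 401, None
    requested = _requested_id(url)
    if requested is None:
        return 400, None
    record = LEDGERS.get(requested)
    # Same response for "not yours" and "does not exist", so the endpoint
    # does not reveal which identifiers are valid.
    if record is None or record["owner"] != account:
        return 404, None
    return 200, record
```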
Credit
This vulnerability is reported by Mohit Gadiya.
Solution
- Upgrade TechExcel Back Office Software to version 1.0.0
Vendor Information
TechExcel Software Solutions
https://techexcel.in/products/back-office-software/
CVE Name
CVE-2024-8601
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-22902657
Postal address
Indian Computer Emergency Response Team (CERT-In) Ministry of Electronics and Information Technology Government of India Electronics Niketan 6, CGO Complex, Lodhi Road, New Delhi - 110 003 India