CVE-2024-8601
MEDIUMTechExcel Back Office Software <1.0.0 - Info Disclosure
Title source: llmDescription
This vulnerability exists in TechExcel Back Office Software versions prior to 1.0.0 due to improper access controls on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter through API request URL which could lead to unauthorized access to sensitive information belonging to other users.
References (1)
Core 1
Core References
Third Party Advisory third-party-advisory
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0285
Scores
CVSS v3
6.5
EPSS
0.0008
EPSS Percentile
22.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-639
CWE-863
Status
published
Products (1)
techexcel/back_office_software
< 1.0.0
Published
Sep 09, 2024
Tracked Since
Feb 18, 2026