In a recent report by the Indian Computer Emergency Response Team (CERT-In), alarming vulnerabilities have been discovered in Apex Softcell’s mobile stock trading and back-office platforms. These vulnerabilities, if left unaddressed, could have serious repercussions, such as unauthorized transactions and the circumvention of crucial security measures like One-Time Passwords (OTPs). With Apex Softcell boasting over three decades of experience in serving the capital markets and financial industries, these vulnerabilities have raised significant concerns among its user base.
The CERT-In advisory highlighted five specific vulnerabilities in the Apex Softcell LD Geo and LD DP Back Office products. These vulnerabilities, present in versions of LD Geo before 4.0.0.7 and LD DP Back Office before 24.8.21.1, could allow remote attackers to execute malicious activities such as user enumeration, OTP verification bypass, transaction manipulation, and unauthorized access to sensitive user data. Among the vulnerabilities identified are CVE-2024-47085, CVE-2024-47086, CVE-2024-47087, CVE-2024-47088, and CVE-2024-47089, each posing unique risks to the integrity and security of the trading platforms.
The first vulnerability, CVE-2024-47085, involves parameter manipulation that could expose sensitive information of other users. The second vulnerability, CVE-2024-47086, allows attackers to bypass OTP verification, compromising user account security. The third vulnerability, CVE-2024-47087, leads to information disclosure by manipulating API request parameters. The fourth vulnerability, CVE-2024-47088, enables user enumeration through brute-force methods. Lastly, CVE-2024-47089, the fifth vulnerability, permits unauthorized transaction manipulation by exploiting transaction token IDs.
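The advisory names three vulnerability classes that all come down to the server trusting something the client supplies: an object identifier (parameter manipulation), the outcome of the OTP step, or a transaction token. The Python below is an added, generic illustration of the server-side checks that close each class; it is not Apex Softcell's code, the advisory does not describe the products' actual root causes, and every name here (the `ACCOUNTS` table, `Session`, the handler functions and their signatures) is a constructed assumption. The account-lookup handler is shown in a vulnerable and a hardened form; OTP verification and transaction confirmation are shown hardened only.

```python
"""Defensive reference for the vulnerability classes in the CERT-In advisory.
Constructed example: data model and handler names are assumptions, not the
vendor's implementation."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample data: two client accounts owned by different users.
ACCOUNTS = {
    "C1001": {"owner": "alice", "pan_masked": "ABCxx1234F", "balance": 50000},
    "C1002": {"owner": "bob", "pan_masked": "XYZxx9876K", "balance": 12000},
}

MAX_OTP_ATTEMPTS = 5      # lock the OTP after this many wrong guesses
OTP_TTL_SECONDS = 120     # OTP lifetime


@dataclass
class Session:
    """Server-side session state; nothing here is ever taken from the client."""
    user: str
    otp_hash: Optional[bytes] = None
    otp_expires: float = 0.0
    otp_attempts: int = 0
    otp_verified: bool = False
    txn_tokens: dict = field(default_factory=dict)  # token -> pending transaction


class AuthorizationError(Exception):
    pass


def get_account_vulnerable(session: Session, account_id: str) -> dict:
    # Parameter manipulation: the client-supplied id is used as-is, so any
    # authenticated user can read any other user's account record.
    return ACCOUNTS[account_id]


def get_account_hardened(session: Session, account_id: str) -> dict:
    # Object-level authorization: the record must belong to the session's user.
    acct = ACCOUNTS.get(account_id)
    if acct is None or acct["owner"] != session.user:
        # Identical error for "does not exist" and "not yours", so the
        # response cannot be used to map which ids are valid.
        raise AuthorizationError("account not available")
    return acct


def issue_otp(session: Session, now: Optional[float] = None) -> str:
    """Generate a 6-digit OTP; keep only its hash. Returns the code for delivery."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"
    session.otp_hash = hashlib.sha256(code.encode()).digest()
    session.otp_expires = now + OTP_TTL_SECONDS
    session.otp_attempts = 0
    session.otp_verified = False
    return code


def verify_otp(session: Session, submitted: str, now: Optional[float] = None) -> bool:
    """The 'verified' flag is set only here, from server state: expiry, attempt
    limit and a constant-time compare. Nothing the client sends can set it."""
    now = time.time() if now is None else now
    if session.otp_hash is None or now > session.otp_expires:
        return False
    if session.otp_attempts >= MAX_OTP_ATTEMPTS:
        return False
    session.otp_attempts += 1
    ok = hmac.compare_digest(hashlib.sha256(submitted.encode()).digest(), session.otp_hash)
    if ok:
        session.otp_verified = True
        session.otp_hash = None  # single use
    return ok


def create_transaction(session: Session, account_id: str, amount: int) -> str:
    """Bind a random token to this session, this account and this amount."""
    get_account_hardened(session, account_id)
    if not session.otp_verified:
        raise AuthorizationError("OTP step not completed")
    token = secrets.token_urlsafe(24)
    session.txn_tokens[token] = {"account": account_id, "amount": amount}
    return token


def confirm_transaction(session: Session, token: str, account_id: str, amount: int) -> int:
    """Only the session that created the token can use it, the request must
    match what was bound, and the token is consumed. Returns the new balance."""
    txn = session.txn_tokens.get(token)
    if txn is None or txn["account"] != account_id or txn["amount"] != amount:
        raise AuthorizationError("transaction token invalid for this request")
    del session.txn_tokens[token]
    ACCOUNTS[account_id]["balance"] -= amount
    return ACCOUNTS[account_id]["balance"]
```

The pattern to take from it: the ownership check lives in the same function that fetches the record, the OTP result is stored in server-side session state rather than echoed back by the client, and a transaction token is meaningless outside the session that issued it and the exact request it was issued for.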
To mitigate these vulnerabilities, users are strongly advised to update their systems immediately. Upgrading Apex Softcell LD Geo to version 4.0.0.7 and LD DP Back Office to version 24.8.21.1 is crucial to address the identified security flaws and safeguard financial operations. Furthermore, organizations should rigorously validate API input parameters, implement anomaly detection systems, and conduct regular security assessments and penetration testing to proactively identify and mitigate vulnerabilities.
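The anomaly detection the advisory recommends can be quite simple for the classes involved: a session that requests many distinct account identifiers, or that fails OTP verification repeatedly, stands out in ordinary API access logs. The script below is an added illustration of that logic and not part of the advisory or of any vendor tooling; the log format, endpoint paths, thresholds and the sample lines are all constructed assumptions, and a real deployment would map the parsing onto its own gateway or application log schema.

```python
"""Session-level anomaly flags for the vulnerability classes in the advisory.
Constructed example; the log format and endpoints are assumptions."""
import re
from collections import defaultdict
from typing import List, Optional, Tuple

# Constructed sample API access log (not real product output). Session s1
# walks through six different account ids; s2 is a normal user; s3 keeps
# failing OTP verification. One malformed line is included on purpose.
SAMPLE_LOG = """\
2024-10-02T10:00:01Z session=s1 user=bob GET /api/account?id=C1001 status=200
2024-10-02T10:00:02Z session=s1 user=bob GET /api/account?id=C1002 status=200
2024-10-02T10:00:03Z session=s1 user=bob GET /api/account?id=C1003 status=200
2024-10-02T10:00:04Z session=s1 user=bob GET /api/account?id=C1004 status=200
2024-10-02T10:00:05Z session=s1 user=bob GET /api/account?id=C1005 status=200
2024-10-02T10:00:06Z session=s1 user=bob GET /api/account?id=C1006 status=200
2024-10-02T10:00:07Z session=s2 user=alice GET /api/account?id=C2001 status=200
2024-10-02T10:00:08Z session=s2 user=alice POST /api/otp/verify status=401
2024-10-02T10:00:09Z session=s2 user=alice POST /api/otp/verify status=200
this line is not in the expected format
2024-10-02T10:00:10Z session=s3 user=carol POST /api/otp/verify status=401
2024-10-02T10:00:11Z session=s3 user=carol POST /api/otp/verify status=401
2024-10-02T10:00:12Z session=s3 user=carol POST /api/otp/verify status=401
2024-10-02T10:00:13Z session=s3 user=carol POST /api/otp/verify status=401
2024-10-02T10:00:14Z session=s3 user=carol POST /api/otp/verify status=401
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) session=(?P<session>\S+) user=(?P<user>\S+) "
    r"(?P<method>[A-Z]+) (?P<path>\S+) status=(?P<status>\d+)$"
)
ID_RE = re.compile(r"[?&]id=([^&]+)")

# Thresholds are assumptions; tune them to the observed baseline per endpoint.
DISTINCT_ID_THRESHOLD = 5   # distinct account ids per session
OTP_FAILURE_THRESHOLD = 5   # failed OTP verifications per session

Alert = Tuple[str, str, int]  # (session id, reason, observed count)


def parse_line(line: str) -> Optional[dict]:
    """Return the fields of one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def analyse(log_text: str) -> List[Alert]:
    """Aggregate per session and return alerts sorted by session id."""
    per_session = defaultdict(lambda: {"account_ids": set(), "otp_failures": 0})
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue  # skip lines that do not match the expected schema
        s = per_session[ev["session"]]
        if ev["path"].startswith("/api/account?"):
            m = ID_RE.search(ev["path"])
            if m:
                s["account_ids"].add(m.group(1))
        elif ev["path"] == "/api/otp/verify" and ev["status"] == "401":
            s["otp_failures"] += 1

    alerts: List[Alert] = []
    for sid in sorted(per_session):
        s = per_session[sid]
        if len(s["account_ids"]) >= DISTINCT_ID_THRESHOLD:
            alerts.append((sid, "possible account-id enumeration", len(s["account_ids"])))
        if s["otp_failures"] >= OTP_FAILURE_THRESHOLD:
            alerts.append((sid, "repeated OTP failures", s["otp_failures"]))
    return alerts


if __name__ == "__main__":
    for sid, reason, count in analyse(SAMPLE_LOG):
        print(f"{sid}: {reason} ({count})")
```

Keying on the session rather than the source IP is deliberate: both patterns come from an authenticated client, so a session or user id is the stable handle, and a per-session count of distinct identifiers is cheap enough to compute in a streaming pipeline as well as in a batch job like this one.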
In conclusion, the vulnerabilities in Apex Softcell’s platforms pose significant risks to both financial transactions and user information. Users must take proactive steps to enhance the security of their systems by adopting the recommended actions and best practices outlined above. By staying vigilant and implementing robust security measures, organizations can effectively mitigate the risks associated with these vulnerabilities in Apex Softcell’s platforms.
