← Back

CVE-2024-51556

nvd nist
Published: Nov 4, 2024Modified: Nov 22, 2024

JSON object

Loading...
7.1
Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: vdisclose@cert-in.org.in (Secondary)

Description

This vulnerability exists in the Wave 2.0 due to insufficient encryption of sensitive data received at the API response. An authenticated remote attacker could exploit this vulnerability by manipulating API input parameters through API request URL/payload leading to unauthorized access to sensitive information belonging to other users.

Affected (2)

Products: 63moons: Aero, Wave 2.0
63moons
2 products
Aero
Wave 2.0
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Aero
Before 120820241550
Wave 2.0
Before 1.1.7

Related CWEs

CWE-327
Use of a Broken or Risky Cryptographic Algorithm
The product uses a broken or risky cryptographic algorithm or protocol.

References (1)

Source: vdisclose@cert-in.org.in
Third Party Advisory

Timeline

No history available yet.