← Back

CVE-2024-51560

nvd nist
Published: Nov 4, 2024Modified: Nov 8, 2024

JSON object

Loading...
7.1
Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: vdisclose@cert-in.org.in (Secondary)

Description

This vulnerability exists in the Wave 2.0 due to improper exception handling for invalid inputs at certain API endpoint. An authenticated remote attacker could exploit this vulnerability by providing invalid inputs for “userId” parameter in the API request leading to generation of error message containing sensitive information on the targeted system.

Affected (2)

Products: 63moons: Aero, Wave 2.0
63moons
2 products
Aero
Wave 2.0
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Aero
Before 120820241550
Wave 2.0
Before 1.1.7

Related CWEs

CWE-209
Generation of Error Message Containing Sensitive Information
The product generates an error message that includes sensitive information about its environment, users, or associated data.

References (1)

Source: vdisclose@cert-in.org.in
Third Party Advisory

Timeline

No history available yet.