This vulnerability exists in the Wave 2.0 due to improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating API input parameters to gain unauthorized access and perform malicious activities on other user accounts.
History
Fri, 22 Nov 2024 12:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | This vulnerability exists in the Wave 2.0 due to missing authorization check on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter “user_id” through API request URLs which could lead to unauthorized creation, modification and deletion of alerts belonging to other user accounts. | This vulnerability exists in the Wave 2.0 due to improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating API input parameters to gain unauthorized access and perform malicious activities on other user accounts. |
Fri, 08 Nov 2024 15:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | 63moons, 63moons aero, 63moons wave 2.0 | |
CPEs | cpe:2.3:a:63moons:aero:*:*:*:*:*:*:*:* cpe:2.3:a:63moons:wave_2.0:*:*:*:*:*:*:*:* | |
Vendors & Products | 63moons, 63moons aero, 63moons wave 2.0 | |
Metrics | cvssV3_1 | |
Mon, 04 Nov 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc | |
Mon, 04 Nov 2024 12:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | This vulnerability exists in the Wave 2.0 due to missing authorization check on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter “user_id” through API request URLs which could lead to unauthorized creation, modification and deletion of alerts belonging to other user accounts. | |
Title | Improper Access Control Vulnerability in Wave 2.0 | |
Weaknesses | CWE-639 | |
References | | |
Metrics | cvssV4_0 | |
MITRE
Status: PUBLISHED
Assigner: CERT-In
Published: 2024-11-04T12:20:18.995Z
Updated: 2024-11-22T11:56:04.725Z
Reserved: 2024-10-29T12:55:06.456Z
Link: CVE-2024-51559
Vulnrichment
Updated: 2024-11-04T15:02:38.661Z
NVD
Status: Modified
Published: 2024-11-04T13:17:05.650
Modified: 2024-11-22T12:15:19.587
Link: CVE-2024-51559
Redhat
No data.