216.73.217.172

CVE-2024-51556

· Published 04/11/2024 13:17 · Modified 22/11/2024 12:15

Labels: CVE-2024-51556 2024-11-04CVE-2024-51556CWE-327[email protected]

Essential information

Published
04/11/2024 13:17
Modified
22/11/2024 12:15
Author
Creator
CVSS
6.5 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS metrics

Description

This vulnerability exists in the Wave 2.0 due to insufficient encryption of sensitive data received at the API response. An authenticated remote attacker could exploit this vulnerability by manipulating API input parameters through API request URL/payload leading to unauthorized access to sensitive information belonging to other users.

NVD status

Status
Modified — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
63moons / aero cpe:2.3:a:63moons:aero:*:*:*:*:*:*:*:*
63moons / wave 2.0 cpe:2.3:a:63moons:wave_2.0:*:*:*:*:*:*:*:*

References