216.73.216.86

CVE-2024-51560

· Published 04/11/2024 13:17 · Modified 08/11/2024 15:18

Labels: CVE-2024-51560 2024-11-04CVE-2024-51560CWE-209[email protected]

Essential information

Published
04/11/2024 13:17
Modified
08/11/2024 15:18
Author
Creator
CVSS
4.3 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS metrics

Description

This vulnerability exists in the Wave 2.0 due to improper exception handling for invalid inputs at certain API endpoint. An authenticated remote attacker could exploit this vulnerability by providing invalid inputs for “userId” parameter in the API request leading to generation of error message containing sensitive information on the targeted system.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
63moons / aero cpe:2.3:a:63moons:aero:*:*:*:*:*:*:*:*
63moons / wave 2.0 cpe:2.3:a:63moons:wave_2.0:*:*:*:*:*:*:*:*

References