exploitDog

CVE-2024-45787

Опубликовано: 11 сент. 2024

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

This vulnerability exists in Reedos aiM-Star version 2.0.1 due to transmission of sensitive information in plain text in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter through API request URL and intercepting response of the API request leading to exposure of sensitive information belonging to other users.

Ссылки

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0291
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:reedos:aim-star:2.0.1:*:*:*:*:*:*:*

EPSS

Процентиль: 35%

0.00145

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-359

NVD-CWE-Other

Связанные уязвимости

GHSA-vggf-h36f-57fp

CVSS3: 6.5

github

больше 1 года назад

This vulnerability exists in Reedos aiM-Star version 2.0.1 due to transmission of sensitive information in plain text in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter through API request URL and intercepting response of the API request leading to exposure of sensitive information belonging to other users.

EPSS

Процентиль: 35%

0.00145

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-359

NVD-CWE-Other