Description
This vulnerability exists in the Wave 2.0 due to insufficient encryption of sensitive data received at the API response. An authenticated remote attacker could exploit this vulnerability by manipulating API input parameters through API request URL/payload leading to unauthorized access to sensitive information belonging to other users.
References
- Third Party Advisory
Vulnerable configurations
Configuration 1
Version before 120820241550 (excluding)
Version before 1.1.7 (excluding)
One of
cpe:2.3:a:63moons:aero:*:*:*:*:*:*:*:*
cpe:2.3:a:63moons:wave_2.0:*:*:*:*:*:*:*:*
EPSS: 0.00083 (Low)
Percentile: 24%
CVSS3: 6.5 Medium
Weaknesses
CWE-327
Related vulnerabilities
CVSS3: 6.5
github
more than 1 year ago
This vulnerability exists in the Wave 2.0 due to weak encryption of sensitive data received at the API response. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter “user_id” through API request URLs leading to unauthorized access to sensitive information belonging to other users.