CVE-2024-51557

Published: 04 Nov 2024
Source: nvd
CVSS3: 6.5
EPSS: Low

Description

This vulnerability exists in Wave 2.0 due to missing rate limiting on OTP requests in an API endpoint. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP requests through the vulnerable API endpoint, which could lead to OTP bombing/flooding on the targeted system.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:63moons:aero:*:*:*:*:*:*:*:*
Versions before 120820241550 (excluding)
cpe:2.3:a:63moons:wave_2.0:*:*:*:*:*:*:*:*
Versions before 1.1.7 (excluding)

EPSS

Percentile: 79%
0.01232
Low

6.5 Medium

CVSS3

Weaknesses

CWE-799
CWE-770

Related vulnerabilities

CVSS3: 6.5
github
more than 1 year ago

This vulnerability exists in Wave 2.0 due to missing rate limiting on OTP requests in an API endpoint. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP requests through the vulnerable API endpoint, which could lead to OTP bombing/flooding on the targeted system.

EPSS

Percentile: 79%
0.01232
Low

6.5 Medium

CVSS3

Weaknesses

CWE-799
CWE-770