Description
This vulnerability exists in the Wave 2.0 due to improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating API input parameters to gain unauthorized access and perform malicious activities on other user accounts.
References
- Third Party Advisory
Vulnerable configurations
Configuration 1
Version up to 120820241550 (excluding)
Version up to 1.1.7 (excluding)
One of
cpe:2.3:a:63moons:aero:*:*:*:*:*:*:*:*
cpe:2.3:a:63moons:wave_2.0:*:*:*:*:*:*:*:*
EPSS
Percentile: 60%
0.00394
Low
6.5 Medium
CVSS3
Weaknesses
CWE-639
Related vulnerabilities
CVSS3: 6.5
github
more than 1 year ago
This vulnerability exists in the Wave 2.0 due to missing authorization check on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter “user_id” through API request URLs which could lead to unauthorized creation, modification and deletion of alerts belonging to other user accounts.