exploitDog

CVE-2024-51560

Опубликовано: 04 нояб. 2024

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

This vulnerability exists in the Wave 2.0 due to improper exception handling for invalid inputs at certain API endpoint. An authenticated remote attacker could exploit this vulnerability by providing invalid inputs for “userId” parameter in the API request leading to generation of error message containing sensitive information on the targeted system.

Ссылки

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0332
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:63moons:aero:*:*:*:*:*:*:*:*

Версия до 120820241550 (исключая)

cpe:2.3:a:63moons:wave_2.0:*:*:*:*:*:*:*:*

Версия до 1.1.7 (исключая)

EPSS

Процентиль: 41%

0.00188

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-209

Связанные уязвимости

GHSA-32h9-hqhx-9j29

CVSS3: 4.3

github

больше 1 года назад

This vulnerability exists in the Wave 2.0 due to improper exception handling for invalid inputs at certain API endpoint. An authenticated remote attacker could exploit this vulnerability by providing invalid inputs for “userId” parameter in the API request leading to generation of error message containing sensitive information on the targeted system.

EPSS

Процентиль: 41%

0.00188

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-209