MEDIUM🇬🇧 English

CVE-2024-45789

CVSS 6.9v4.0pub. 2024-09-11upd. 2024-09-18

This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper validation of the ‘mode’ parameter in the API endpoint used during the registration process. An authenticated remote attacker could exploit this vulnerability by manipulating parameter in the API request body on the vulnerable application. Successful exploitation of this vulnerability could allow the attacker to bypass certain constraints in the registration process leading to creation of multiple accounts.

oryginał EN
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Reedos Aim Star

    APP
    Reedos
    2.0.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2024-45790CRITICAL9.3PL ✓ten sam produkt

Reedos aiM-Star: brak limitu prób logowania umożliwia atak brute force

CVE-2024-45786HIGH8.7ten sam produkt

This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper access controls on its certain API ...

CVE-2024-45787HIGH8.7ten sam produkt

This vulnerability exists in Reedos aiM-Star version 2.0.1 due to transmission of sensitive information in pla...

CVE-2024-45788HIGH8.7ten sam produkt

This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing rate limiting on OTP requests in cer...

CVE-2024-45789 — MEDIUM 6.9 | CVEbaza.pl