HIGH🇬🇧 English

CVE-2024-51556

CVSS 7.1v4.0pub. 2024-11-04upd. 2024-11-22

This vulnerability exists in the Wave 2.0 due to insufficient encryption of sensitive data received at the API response. An authenticated remote attacker could exploit this vulnerability by manipulating API input parameters through API request URL/payload leading to unauthorized access to sensitive information belonging to other users.

oryginał EN
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • 63moons Aero

    APP
    63Moons
    < 120820241550
  • 63moons Wave 2.0

    APP
    63Moons
    < 1.1.7
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2024-51558CRITICAL9.3PL ✓ten sam produkt

Brak ograniczeń liczby prób logowania w Wave 2.0 (brute force)

CVE-2024-51561CRITICAL9.3PL ✓ten sam produkt

Obejście weryfikacji OTP w produktach 63Moons Aero i Wave 2.0

CVE-2024-51557HIGH7.1ten sam produkt

This vulnerability exists in the Wave 2.0 due to missing rate limiting on OTP requests in an API endpoint. An ...

CVE-2024-51559HIGH7.1ten sam produkt

This vulnerability exists in the Wave 2.0 due to improper authorization checks on certain API endpoints. An au...

CVE-2024-51560HIGH7.1ten sam produkt

This vulnerability exists in the Wave 2.0 due to improper exception handling for invalid inputs at certain API...