Lucene search

CERT-InCVELIST:CVE-2024-45788

HistorySep 11, 2024 - 11:56 a.m.

CVE-2024-45788 No Rate Limiting Vulnerability

2024-09-1111:56:43

CWE-799

CERT-In

www.cve.org

cve-2024-45788

reedos aim-star

otp rate limiting

CVSS4

8.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/SC:N/VI:N/SI:N/VA:H/SA:N

EPSS

0.001

Percentile

17.8%

JSON

This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing rate limiting on OTP requests in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoints which could lead to the OTP bombing/flooding on the targeted system.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Mutual Fund Distribution Product (aiM-Star)",
    "vendor": "Reedos Software Solutions",
    "versions": [
      {
        "status": "affected",
        "version": "2.0.1"
      }
    ]
  }
]

References

www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0291

CVSS4

8.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/SC:N/VI:N/SI:N/VA:H/SA:N

EPSS

0.001

Percentile

17.8%

JSON

Related for CVELIST:CVE-2024-45788