NVD:CVE-2024-45789
Sep 11, 2024 - 12:15 p.m.

CVE-2024-45789

2024-09-11 12:15:02
CWE-354
web.nvd.nist.gov
Tags: reedos aim-star, api endpoint, registration process, vulnerability, remote attacker, exploitation, constraints, multiple accounts

CVSS3: 4.3

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS: 0
Percentile: 14.8%

This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper validation of the ‘mode’ parameter in the API endpoint used during the registration process. An authenticated remote attacker could exploit this vulnerability by manipulating the parameter in the API request body on the vulnerable application.

Successful exploitation of this vulnerability could allow the attacker to bypass certain constraints in the registration process, leading to the creation of multiple accounts.

Affected configurations

Nvd
Node: reedos aim-star, Match: 2.0.1

Vendor: reedos
Product: aim-star
Version: 2.0.1
CPE: cpe:2.3:a:reedos:aim-star:2.0.1:*:*:*:*:*:*:*
