6 matches found
CVE-2024-51559
The CVE-2024-51559 entry applies to Wave 2.0 and is supported by connected documents that describe a vulnerability caused by improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this by manipulating API input parameters (e.g., user_id) to gain una...
CVE-2024-51560
The CVE-2024-51560 issue affects Wave 2.0, stemming from improper exception handling for invalid inputs in a specific API endpoint that processes the userId parameter. An authenticated remote attacker could trigger error messages that leak sensitive information about the targeted system. Document...
CVE-2024-51561
CVE-2024-51561 affects Aero (frontend product) due to improper OTP validation in certain API endpoints. An authenticated remote attacker can bypass OTP verification by intercepting/manipulating responses during the second-factor process, potentially accessing other user accounts. Exploitation det...
CVE-2024-51558
The CVE-2024-51558 entry concerns Wave 2.0 where the API-based login lacks restrictions on excessive failed authentication attempts. A remote attacker could perform brute-force attempts against OTP, MPIN, or passwords, potentially gaining unauthorized access and compromising other accounts. Conne...
CVE-2024-51556
The CVE-2024-51556 entry concerns Wave 2.0 with an issue where sensitive data is insufficiently encrypted in API responses. The vulnerability enables an authenticated remote attacker to manipulate API input parameters via the request URL/payload, potentially leading to unauthorized access to othe...
CVE-2024-51557
CVE-2024-51557 concerns Wave 2.0, where an API endpoint allows OTP requests without rate limiting. This vulnerability could enable an authenticated remote attacker to perform OTP bombing/flooding by issuing multiple requests against the vulnerable endpoint. Affected component: Wave 2.0 API handli...