Lucene search
+L

6 matches found

CVE
CVE
added 2024/11/04 12:20 p.m.99 views

CVE-2024-51559

The CVE-2024-51559 entry applies to Wave 2.0 and is supported by connected documents that describe a vulnerability caused by improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this by manipulating API input parameters (e.g., user_id) to gain una...

7.1CVSS6.5AI score0.00331EPSS
CVE
CVE
added 2024/11/04 12:23 p.m.98 views

CVE-2024-51560

The CVE-2024-51560 issue affects Wave 2.0, stemming from improper exception handling for invalid inputs in a specific API endpoint that processes the userId parameter. An authenticated remote attacker could trigger error messages that leak sensitive information about the targeted system. Document...

7.1CVSS4.4AI score0.00343EPSS
CVE
CVE
added 2024/11/04 12:29 p.m.95 views

CVE-2024-51561

CVE-2024-51561 affects Aero (frontend product) due to improper OTP validation in certain API endpoints. An authenticated remote attacker can bypass OTP verification by intercepting/manipulating responses during the second-factor process, potentially accessing other user accounts. Exploitation det...

9.3CVSS7.6AI score0.00518EPSS
CVE
CVE
added 2024/11/04 12:15 p.m.91 views

CVE-2024-51558

The CVE-2024-51558 entry concerns Wave 2.0 where the API-based login lacks restrictions on excessive failed authentication attempts. A remote attacker could perform brute-force attempts against OTP, MPIN, or passwords, potentially gaining unauthorized access and compromising other accounts. Conne...

9.8CVSS9.6AI score0.00547EPSS
CVE
CVE
added 2024/11/04 12:9 p.m.80 views

CVE-2024-51556

The CVE-2024-51556 entry concerns Wave 2.0 with an issue where sensitive data is insufficiently encrypted in API responses. The vulnerability enables an authenticated remote attacker to manipulate API input parameters via the request URL/payload, potentially leading to unauthorized access to othe...

7.1CVSS6.2AI score0.00211EPSS
CVE
CVE
added 2024/11/04 12:12 p.m.79 views

CVE-2024-51557

CVE-2024-51557 concerns Wave 2.0, where an API endpoint allows OTP requests without rate limiting. This vulnerability could enable an authenticated remote attacker to perform OTP bombing/flooding by issuing multiple requests against the vulnerable endpoint. Affected component: Wave 2.0 API handli...

7.1CVSS6.4AI score0.00447EPSS