VULNRICHMENT:CVE-2024-51557 (CERT-In)
History: Nov 04, 2024 - 12:12 p.m.

CVE-2024-51557 No Rate Limiting Vulnerability in Wave 2.0

2024-11-04 12:12:41
CWE-799
CERT-In
github.com
vulnerability
wave 2.0
otp request
rate limiting
api endpoint
authenticated
remote attacker
flooding

CVSS4: 7.1
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/SC:N/VI:N/SI:N/VA:H/SA:N

AI Score: 7 (Confidence: Low)
EPSS: 0 (Percentile: 14.5%)

SSVC
Exploitation: none
Automatable: no
Technical Impact: partial

This vulnerability exists in Wave 2.0 due to missing rate limiting on OTP requests in an API endpoint (CWE-799, Improper Control of Interaction Frequency). An authenticated remote attacker could exploit it by sending many OTP requests through the vulnerable API endpoint, which could lead to OTP bombing/flooding of the targeted system.
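The control whose absence is described above is a per-principal request budget on the OTP endpoint. The following is an added example of such a limiter, not code from Wave 2.0 or from CERT-In: it enforces a minimum interval between consecutive OTP sends and a maximum number of sends per sliding window, keyed both on the authenticated caller and on the OTP destination (so one account cannot flood a phone number, and several accounts cannot gang up on the same number). The limits, the window size, the in-memory store and the `simulate_burst` helper are assumptions chosen for illustration; a deployment with several API replicas would back the history with a shared store so that every replica enforces the same budget.

```python
"""Sliding-window rate limiting for an OTP-request endpoint (CWE-799 mitigation).

Added example, not the project's code. Limits and storage are assumptions.
"""
from collections import deque
from dataclasses import dataclass, field
from typing import Deque, Dict, Optional, Tuple
import time

Key = Tuple[str, str]  # ("user", <user id>) or ("dest", <phone/email>)


@dataclass
class OtpRateLimiter:
    max_requests: int = 3             # assumed: at most 3 OTP sends per window
    window_seconds: float = 600.0     # assumed: 10-minute sliding window
    min_interval_seconds: float = 30.0  # assumed: 30 s cooldown between sends
    _history: Dict[Key, Deque[float]] = field(default_factory=dict)

    def _recent(self, key: Key, now: float) -> Deque[float]:
        """Return the send timestamps for `key` still inside the window."""
        q = self._history.setdefault(key, deque())
        while q and now - q[0] >= self.window_seconds:
            q.popleft()
        return q

    def check(self, user_id: str, destination: str,
              now: Optional[float] = None) -> Tuple[bool, str]:
        """Decide whether an OTP may be sent; record it only if allowed.

        Returns (allowed, reason). Rejected attempts do not consume budget:
        the budget counts OTPs actually delivered, which is the resource
        being protected from flooding.
        """
        now = time.monotonic() if now is None else now
        keys: Tuple[Key, Key] = (("user", user_id), ("dest", destination))
        for scope, value in keys:
            q = self._recent((scope, value), now)
            if q and now - q[-1] < self.min_interval_seconds:
                return False, f"cooldown:{scope}"
            if len(q) >= self.max_requests:
                return False, f"window:{scope}"
        for key in keys:
            self._history[key].append(now)
        return True, "ok"


def simulate_burst(n: int, spacing_seconds: float = 1.0) -> int:
    """Replay `n` OTP requests from one caller to one number, `spacing_seconds`
    apart (constructed traffic), and return how many OTPs would be sent."""
    limiter = OtpRateLimiter()
    sent = 0
    for i in range(n):
        allowed, _ = limiter.check("user-42", "+91-0000000000", now=1000.0 + i * spacing_seconds)
        sent += allowed
    return sent


if __name__ == "__main__":
    print(f"20 requests 1 s apart -> {simulate_burst(20)} OTP(s) sent")
```

Wire `check()` in before the OTP is generated and dispatched, and log the `reason` on every rejection: a sustained stream of `cooldown:` or `window:` rejections for one user or one destination is the detection signal for exactly the flooding attempt this advisory describes.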
