CVE-2024-51556

Severity CVSS v4.0:
HIGH
Type:
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
Publication date:
04/11/2024
Last modified:
08/11/2024

Description

This vulnerability exists in Wave 2.0 due to weak encryption of sensitive data received in the API response. An authenticated remote attacker could exploit this vulnerability by manipulating the “user_id” parameter in API request URLs, leading to unauthorized access to sensitive information belonging to other users.

Vulnerable products and versions

CPE | From | Up to
cpe:2.3:a:63moons:aero:*:*:*:*:*:*:*:* | | 120820241550 (excluding)
cpe:2.3:a:63moons:wave_2.0:*:*:*:*:*:*:*:* | | 1.1.7 (excluding)