CVE-2024-51559

Severity CVSS v4.0:
HIGH
Type:
Unavailable / Other
Publication date:
04/11/2024
Last modified:
08/11/2024

Description

This vulnerability exists in the Wave 2.0 due to missing authorization check on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter “user_id” through API request URLs which could lead to unauthorized creation, modification and deletion of alerts belonging to other user accounts.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:63moons:aero:*:*:*:*:*:*:*:* 120820241550 (excluding)
cpe:2.3:a:63moons:wave_2.0:*:*:*:*:*:*:*:* 1.1.7 (excluding)