CVE-2024-45786

This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper access controls on certain of its API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter in the API request URL, which could lead to unauthorized access to sensitive information belonging to other users.

Configurations

Configuration 1

cpe:2.3:a:reedos:aim-star:2.0.1:*:*:*:*:*:*:*

History

18 Sep 2024, 20:12

| Type | Values Removed | Values Added |
|---|---|---|
| First Time | | Reedos; Reedos aim-star |
| References | () https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0291 - | () https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0291 - Third Party Advisory |
| CPE | | cpe:2.3:a:reedos:aim-star:2.0.1:*:*:*:*:*:*:* |
| CVSS | v2 : unknown; v3 : unknown | v2 : unknown; v3 : 6.5 |
| Summary | | (es) This vulnerability exists in Reedos aiM-Star version 2.0.1 due to inadequate access controls on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter through the API request URL, which could result in unauthorized access to confidential information belonging to other users. |

11 Sep 2024, 12:15

| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |

Information

Published : 2024-09-11 12:15

Updated : 2024-09-18 20:12


NVD link : CVE-2024-45786

Mitre link : CVE-2024-45786

CVE.ORG link : CVE-2024-45786


Products Affected

reedos

  • aim-star

CWE
CWE-639

Authorization Bypass Through User-Controlled Key