This vulnerability exists in the Wave 2.0 due to improper exception handling for invalid inputs at certain API endpoint. An authenticated remote attacker could exploit this vulnerability by providing invalid inputs for “userId” parameter in the API request leading to generation of error message containing sensitive information on the targeted system.
References
Link | Resource |
---|---|
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0332 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
08 Nov 2024, 15:18
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0332 - Third Party Advisory | |
First Time |
63moons wave 2.0
63moons aero 63moons |
|
CPE | cpe:2.3:a:63moons:aero:*:*:*:*:*:*:*:* cpe:2.3:a:63moons:wave_2.0:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
Summary |
|
04 Nov 2024, 13:17
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-11-04 13:17
Updated : 2024-11-08 15:18
NVD link : CVE-2024-51560
Mitre link : CVE-2024-51560
CVE.ORG link : CVE-2024-51560
JSON object : View
Products Affected
63moons
- aero
- wave_2.0
CWE
CWE-209
Generation of Error Message Containing Sensitive Information