- Description
- This vulnerability exists in the Wave 2.0 due to improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating API input parameters to gain unauthorized access and perform malicious activities on other user accounts.
- Source
- vdisclose@cert-in.org.in
- NVD status
- Modified
CVSS 4.0
- Type
- Secondary
- Base score
- 7.1
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
- Severity
- MEDIUM
- vdisclose@cert-in.org.in
- CWE-639
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:63moons:aero:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F04B8B0A-9AD2-4CB8-B164-4D024B9E8547",
"versionEndExcluding": "120820241550"
},
{
"criteria": "cpe:2.3:a:63moons:wave_2.0:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6CB8ACF7-4C40-492A-AA7E-41FDA5A3B913",
"versionEndExcluding": "1.1.7"
}
],
"operator": "OR"
}
]
}
]