Overview
- Description
- This vulnerability exists in the Wave 2.0 due to improper exception handling for invalid inputs at certain API endpoint. An authenticated remote attacker could exploit this vulnerability by providing invalid inputs for “userId” parameter in the API request leading to generation of error message containing sensitive information on the targeted system.
- Source
- vdisclose@cert-in.org.in
- NVD status
- Analyzed
Risk scores
CVSS 4.0
- Type
- Secondary
- Base score
- 7.1
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
CVSS 3.1
- Type
- Primary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
Weaknesses
- vdisclose@cert-in.org.in
- CWE-209
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:63moons:aero:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F04B8B0A-9AD2-4CB8-B164-4D024B9E8547",
"versionEndExcluding": "120820241550"
},
{
"criteria": "cpe:2.3:a:63moons:wave_2.0:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6CB8ACF7-4C40-492A-AA7E-41FDA5A3B913",
"versionEndExcluding": "1.1.7"
}
],
"operator": "OR"
}
]
}
]