CVE-2024-51559 - Authorization Bypass Through User-Controlled Key vulnerability in 63Moons Aero and Wave 2.0
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: NONE
Integrity impact: HIGH
Availability impact: NONE

Summary
This vulnerability exists in Wave 2.0 due to a missing authorization check on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating the “user_id” parameter in API request URLs, which could lead to unauthorized creation, modification and deletion of alerts belonging to other user accounts.
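The missing check described in the summary, as an added Python illustration (not vendor code and not taken from the advisory): the endpoint path, `Session`, `alert_request` and the in-memory store are hypothetical, and the sample data is constructed. With `enforce_owner=False` the account is chosen by the URL's `user_id` alone; the default compares it against the identity bound to the session before any alert is touched.

```python
# Added illustration of the authorization check; all names are hypothetical.
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit

class Forbidden(Exception):
    """Caller is not allowed to act on the requested account."""

@dataclass(frozen=True)
class Session:
    user_id: str  # identity the server bound to the session at login

def requested_user(url):
    """Return the single client-supplied user_id from the request URL."""
    values = parse_qs(urlsplit(url).query).get("user_id", [])
    if len(values) != 1:  # a missing or repeated parameter is ambiguous
        raise Forbidden("user_id must appear exactly once")
    return values[0]

def alert_request(store, session, action, url, alert_id, text=None,
                  enforce_owner=True):
    """Create, modify or delete an alert of the account named in the URL."""
    owner = requested_user(url)
    if enforce_owner and owner != session.user_id:  # the missing check
        raise Forbidden("user_id does not match the authenticated session")
    alerts = store.setdefault(owner, {})
    if action == "create":
        alerts[alert_id] = text
    elif action == "modify" and alert_id in alerts:
        alerts[alert_id] = text
    elif action == "delete" and alert_id in alerts:
        del alerts[alert_id]
    else:
        raise ValueError("unknown action or alert")
    return dict(alerts)

def demo():
    """Constructed data: bob's session names alice's account in the URL."""
    store = {"alice": {"a1": "price > 100"}}
    bob = Session("bob")
    url = "/api/alerts?user_id=alice"  # hypothetical endpoint
    unchecked = alert_request(store, bob, "delete", url, "a1",
                              enforce_owner=False)
    store = {"alice": {"a1": "price > 100"}}
    try:
        alert_request(store, bob, "delete", url, "a1")
        blocked = False
    except Forbidden:
        blocked = True
    return unchecked, blocked, store
```
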
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |