Vulnerabilities > CVE-2024-51559 - Unspecified vulnerability in 63Moons Aero and Wave 2.0

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

63moons

NVD

Published: 2024-11-04

Updated: 2024-11-22

Summary

This vulnerability exists in the Wave 2.0 due to improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating API input parameters to gain unauthorized access and perform malicious activities on other user accounts.

Vulnerable Configurations

Part	Description	Count
Application	63Moons 63Moons Aero * 63Moons Wave 2.0 *	2

References

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0332