cvelist/2024/51xxx/CVE-2024-51559.json

{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2024-51559",
        "ASSIGNER": "vdisclose@cert-in.org.in",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "This vulnerability exists in the Wave 2.0 due to improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating API input parameters to gain unauthorized access and perform malicious activities on other user accounts."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-639: Authorization Bypass Through User-Controlled Key",
                        "cweId": "CWE-639"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "Brokerage Technology Solutions",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Wave 2.0",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "=",
                                            "version_value": "<1.1.7"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0332",
                "refsource": "MISC",
                "name": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0332"
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.2.0"
    },
    "source": {
        "discovery": "UNKNOWN"
    },
    "solution": [
        {
            "lang": "en",
            "supportingMedia": [
                {
                    "base64": false,
                    "type": "text/html",
                    "value": "Upgrade Wave 2.0 to version 1.1.7 <br>"
                }
            ],
            "value": "Upgrade Wave 2.0 to version 1.1.7"
        }
    ],
    "credits": [
        {
            "lang": "en",
            "value": "This vulnerability is reported by Mohit Gadiya."
        }
    ]
}
"-Synchronized-Data." 2024-10-29 13:00:38 +00:00			`{`
"-Synchronized-Data." 2024-11-04 13:02:37 +00:00			`"data_version": "4.0",`
"-Synchronized-Data." 2024-10-29 13:00:38 +00:00			`"data_type": "CVE",`
			`"data_format": "MITRE",`
			`"CVE_data_meta": {`
			`"ID": "CVE-2024-51559",`
"-Synchronized-Data." 2024-11-04 13:02:37 +00:00			`"ASSIGNER": "vdisclose@cert-in.org.in",`
			`"STATE": "PUBLIC"`
"-Synchronized-Data." 2024-10-29 13:00:38 +00:00			`},`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2024-11-22 12:00:31 +00:00			`"value": "This vulnerability exists in the Wave 2.0 due to improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating API input parameters to gain unauthorized access and perform malicious activities on other user accounts."`
"-Synchronized-Data." 2024-11-04 13:02:37 +00:00			`}`
			`]`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-639: Authorization Bypass Through User-Controlled Key",`
			`"cweId": "CWE-639"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"vendor_name": "Brokerage Technology Solutions",`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Wave 2.0",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "=",`
			`"version_value": "<1.1.7"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0332",`
			`"refsource": "MISC",`
			`"name": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0332"`
"-Synchronized-Data." 2024-10-29 13:00:38 +00:00			`}`
			`]`
"-Synchronized-Data." 2024-11-04 13:02:37 +00:00			`},`
			`"generator": {`
			`"engine": "Vulnogram 0.2.0"`
			`},`
			`"source": {`
			`"discovery": "UNKNOWN"`
			`},`
			`"solution": [`
			`{`
			`"lang": "en",`
			`"supportingMedia": [`
			`{`
			`"base64": false,`
			`"type": "text/html",`
			`"value": "Upgrade Wave 2.0 to version 1.1.7 <br>"`
			`}`
			`],`
			`"value": "Upgrade Wave 2.0 to version 1.1.7"`
			`}`
			`],`
			`"credits": [`
			`{`
			`"lang": "en",`
			`"value": "This vulnerability is reported by Mohit Gadiya."`
			`}`
			`]`
"-Synchronized-Data." 2024-10-29 13:00:38 +00:00			`}`