PT-2024-31767 · Reedos · Reedos Aim-Star
Mohit Gadiya
·
Published
2024-09-11
·
Updated
2024-09-18
·
CVE-2024-45787
CVSS v4.0
8.7
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions:
Reedos aiM-Star version 2.0.1
Description:
This issue exists due to the transmission of sensitive information in plain text in certain API endpoints. An authenticated remote attacker could exploit this by manipulating a parameter through the API request URL and intercepting the response of the API request, leading to exposure of sensitive information belonging to other users.
Recommendations:
For Reedos aiM-Star version 2.0.1, consider restricting access to sensitive API endpoints until a patch is available. As a temporary workaround, avoid using parameters that could lead to the exposure of sensitive information in API requests. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Reedos Aim-Star