CVE-2024-51556

Name of the Vulnerable Software and Affected Versions Wave version 2.0

Description The issue arises from insufficient encryption of sensitive data received at the API response, allowing an authenticated remote attacker to exploit it by manipulating API input parameters. This could lead to unauthorized access to sensitive information belonging to other users.

Recommendations For Wave version 2.0, consider disabling access to sensitive API endpoints until a patch is available, and restrict manipulation of API input parameters to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.