PT-2024-34704 · Wave 2.0
Published: 2024-11-04 · Updated: 2024-11-08 · CVE-2024-51560
CVSS v4.0: 7.1 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Wave 2.0
Description
This issue is caused by improper exception handling of invalid input at a certain API endpoint. An authenticated remote attacker could exploit it by supplying invalid values for the userId parameter in the API request, causing the server to generate an error message that contains sensitive information about the targeted system.
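The weakness the description names (CWE-209, an error message that carries internal detail back to the caller) is easiest to see as a handler written two ways; this is an added example written for this page, not Wave 2.0 code, and the user store, the expected userId format and the hostname in the error text are constructed assumptions.

```python
import logging
import re
import traceback
import uuid

# Constructed stand-in for the application's user store (not Wave 2.0 data).
USERS = {"1001": {"name": "alice"}, "1002": {"name": "bob"}}
# Assumed userId format: 1 to 10 decimal digits.
USER_ID_RE = re.compile(r"^[0-9]{1,10}$")
log = logging.getLogger("api")


def lookup_user(user_id: str) -> dict:
    """Constructed backend lookup that raises on malformed input, as a real one might.
    The exception text deliberately carries an internal detail (a DB hostname)."""
    if not user_id.isdigit():
        raise ValueError(f"bad userId {user_id!r} for db host db01.internal")
    return USERS[user_id]


def get_user_leaky(params: dict) -> tuple[int, dict]:
    """'Before' pattern: no input validation, and the exception text plus the
    traceback are copied straight into the HTTP response body."""
    try:
        return 200, lookup_user(params.get("userId", ""))
    except Exception as exc:  # noqa: BLE001
        return 500, {"error": str(exc), "trace": traceback.format_exc()}


def get_user_hardened(params: dict) -> tuple[int, dict]:
    """'After' pattern: validate userId before touching the backend, map known
    failures to generic client-facing messages, and keep the full exception
    only in the server log under a correlation id the client can quote."""
    user_id = params.get("userId", "")
    if not isinstance(user_id, str) or not USER_ID_RE.fullmatch(user_id):
        return 400, {"error": "invalid userId"}
    try:
        return 200, lookup_user(user_id)
    except KeyError:
        return 404, {"error": "user not found"}
    except Exception:  # noqa: BLE001
        ref = uuid.uuid4().hex
        log.exception("get_user failed, ref=%s", ref)  # detail stays server-side
        return 500, {"error": "internal error", "ref": ref}
```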
For Wave 2.0, consider disabling the API endpoint that handles the userId parameter until a proper fix that handles exceptions for invalid input is in place. Restrict access to this endpoint to minimize the risk of exploitation, and avoid using the userId parameter in the affected API endpoint until the issue is resolved.
Fix
Weakness Enumeration
Generation of Error Message Containing Sensitive Information
Related Identifiers
Affected Products
Wave 2.0