{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-51559","assignerOrgId":"66834db9-ab24-42b4-be80-296b2e40335c","state":"PUBLISHED","assignerShortName":"CERT-In","dateReserved":"2024-10-29T12:55:06.456Z","datePublished":"2024-11-04T12:20:18.995Z","dateUpdated":"2024-11-22T11:56:04.725Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Wave 2.0","vendor":"Brokerage Technology Solutions","versions":[{"status":"affected","version":"<1.1.7"}]}],"credits":[{"lang":"en","type":"finder","value":"This vulnerability is reported by Mohit Gadiya."}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"This vulnerability exists in the Wave 2.0 due to improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating API input parameters to gain unauthorized access and perform malicious activities on other user accounts."}],"value":"This vulnerability exists in the Wave 2.0 due to improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating API input parameters to gain unauthorized access and perform malicious activities on other user accounts."}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":7.1,"baseSeverity":"HIGH","privilegesRequired":"LOW","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-639","description":"CWE-639: Authorization Bypass Through User-Controlled Key","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"66834db9-ab24-42b4-be80-296b2e40335c","shortName":"CERT-In","dateUpdated":"2024-11-22T11:56:04.725Z"},"references":[{"tags":["third-party-advisory"],"url":"https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0332"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Upgrade Wave 2.0 to version 1.1.7 <br>"}],"value":"Upgrade Wave 2.0 to version 1.1.7"}],"source":{"discovery":"UNKNOWN"},"title":"Improper Access Control Vulnerability in Wave 2.0","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-11-04T15:02:33.955876Z","id":"CVE-2024-51559","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-11-04T15:02:42.823Z"}}]}}