CVE-2024-51556

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Nov 4, 2024

Updated: Nov 8, 2024

CWE ID 327

Summary

CVE-2024-51556 is a vulnerability affecting the Wave 2.0 API that stems from weak encryption of sensitive data. Authenticated attackers can exploit this issue by manipulating the "user_id" parameter in API request URLs, granting unauthorized access to information of other users. This weakness in encryption exposes sensitive data to potential theft or misuse. The vulnerability poses a significant risk for organizations using the Wave 2.0 API and requires immediate attention for remediation.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/z-hvrV
https://www.cve.org/CVERecord?id=CVE-2024-51556
https://nvd.nist.gov/vuln/detail/CVE-2024-51556

Back to Vulnerability Database

CVE-2024-51556

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations