CVE-2024-51559

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Nov 4, 2024
Updated: Nov 8, 2024
CWE ID 639

Summary

CVE-2024-51559 is a vulnerability affecting the Wave 2.0 API due to a missing authorization check on specific endpoints. An authenticated attacker can manipulate the "user_id" parameter in API request URLs to gain unauthorized access and perform actions such as creation, modification, and deletion of alerts that belong to other user accounts. This issue poses a significant risk to the security and privacy of user data. Organizations using the Wave 2.0 API are encouraged to implement proper access controls and update their systems as soon as possible to mitigate this vulnerability.
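
The missing check described in the summary, shown as an added example that is not Wave 2.0 code: the handler names, field names and sample data are assumptions. The first handler selects the alert by the user_id from the URL alone; the hardened one ties the request to the authenticated session and to the alert's owner.

```python
# Added illustration of CWE-639; handler names, fields and data are
# assumptions, not taken from the Wave 2.0 API.
from dataclasses import dataclass


class Forbidden(Exception):
    """Raised when the caller may not act on the requested object."""


@dataclass
class Alert:
    alert_id: int
    owner_id: int
    rule: str


def make_store():
    # Constructed sample data: two users (100 and 200), one alert each.
    return {1: Alert(1, 100, "price > 10"), 2: Alert(2, 200, "price < 5")}


def delete_alert_vulnerable(store, session_user_id, path_user_id, alert_id):
    # The caller is authenticated, but the session identity is never used:
    # the alert is selected purely by the user_id supplied in the URL.
    alert = store.get(alert_id)
    if alert is None or alert.owner_id != path_user_id:
        return 404
    del store[alert_id]
    return 204


def authorize(store, session_user_id, path_user_id, alert_id):
    # Check 1: the user_id in the URL must be the authenticated principal.
    if path_user_id != session_user_id:
        raise Forbidden("user_id in URL does not match session")
    # Check 2: the alert itself must belong to that principal.
    alert = store.get(alert_id)
    if alert is None or alert.owner_id != session_user_id:
        raise Forbidden("alert not owned by caller")
    return alert


def delete_alert_hardened(store, session_user_id, path_user_id, alert_id):
    try:
        authorize(store, session_user_id, path_user_id, alert_id)
    except Forbidden:
        return 403
    del store[alert_id]
    return 204
```

The same authorize step applies to the create and modify actions named in the summary, since each takes the same user_id from the request URL.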
