CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45790 – User Enumeration vulnerability
https://notcve.org/view.php?id=CVE-2024-45790
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack against legitimate user passwords, which could lead to gain unauthorized access and compromise other user accounts. • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0291 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45789 – Parameter Tampering Vulnerability
https://notcve.org/view.php?id=CVE-2024-45789
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper validation of the ‘mode’ parameter in the API endpoint used during the registration process. An authenticated remote attacker could exploit this vulnerability by manipulating parameter in the API request body on the vulnerable application. Successful exploitation of this vulnerability could allow the attacker to bypass certain constraints in the registration process leading to creation of multiple accounts. • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0291 • CWE-354: Improper Validation of Integrity Check Value •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45788 – No Rate Limiting Vulnerability
https://notcve.org/view.php?id=CVE-2024-45788
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing rate limiting on OTP requests in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoints which could lead to the OTP bombing/flooding on the targeted system. • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0291 • CWE-799: Improper Control of Interaction Frequency •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45787 – Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-45787
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to transmission of sensitive information in plain text in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter through API request URL and intercepting response of the API request leading to exposure of sensitive information belonging to other users. • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0291 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45786 – Improper Authorization Vulnerability
https://notcve.org/view.php?id=CVE-2024-45786
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper access controls on its certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter through API request URL which could lead to gain unauthorized access to sensitive information belonging to other users. • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0291 • CWE-639: Authorization Bypass Through User-Controlled Key •