CVE-2024-51556
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Published Nov 4, 2024
Updated: Nov 8, 2024
CWE ID 327
Summary
CVE-2024-51556 is a vulnerability affecting the Wave 2.0 API that stems from weak encryption of sensitive data. Authenticated attackers can exploit this issue by manipulating the "user_id" parameter in API request URLs, granting unauthorized access to information of other users. This weakness in encryption exposes sensitive data to potential theft or misuse. The vulnerability poses a significant risk for organizations using the Wave 2.0 API and requires immediate attention for remediation.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share