CVE-2024-51559
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2024-51559 is a vulnerability affecting the Wave 2.0 API due to a missing authorization check on specific endpoints. An authenticated attacker can manipulate the "user_id" parameter in API request URLs to gain unauthorized access and perform actions such as creation, modification, and deletion of alerts that belong to other user accounts. This issue poses a significant risk to the security and privacy of user data. Organizations using the Wave 2.0 API are encouraged to implement proper access controls and update their systems as soon as possible to mitigate this vulnerability.
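The missing check described above, as an added example that is not Wave 2.0 code: the route shape, function names and log format are assumptions, since the advisory does not publish the affected endpoints. It contrasts a check that trusts the `user_id` in the URL with one that binds it to the session identity, then flags cross-account requests in a constructed access log.

```python
import re

# Hypothetical route shape; the advisory does not publish the real endpoint paths.
ALERT_ROUTE = re.compile(r"^/api/users/(?P<user_id>\d+)/alerts(?:/(?P<alert_id>\d+))?$")


def vulnerable_authorize(session_user_id, path):
    """The flaw as described: any authenticated caller is accepted."""
    if session_user_id is None:
        return 401
    return 200 if ALERT_ROUTE.match(path) else 404


def hardened_authorize(session_user_id, path):
    """Bind the user_id in the URL to the identity established by the session."""
    if session_user_id is None:
        return 401
    match = ALERT_ROUTE.match(path)
    if match is None:
        return 404
    if int(match["user_id"]) != session_user_id:
        return 403  # authenticated, but not the owner of these alerts
    return 200


def find_cross_account_requests(log_lines):
    """Flag log entries where the authenticated user differs from the URL user_id."""
    hits = []
    for line in log_lines:
        auth_user, method, path, status = line.split()
        match = ALERT_ROUTE.match(path)
        if match and int(match["user_id"]) != int(auth_user):
            hits.append((int(auth_user), method, path, int(status)))
    return hits


# Constructed sample log: "<authenticated_user_id> <method> <path> <status>"
SAMPLE_LOG = [
    "1001 GET /api/users/1001/alerts 200",
    "1001 DELETE /api/users/1002/alerts/77 200",
    "1002 POST /api/users/1002/alerts 200",
    "1001 PUT /api/users/1003/alerts/12 200",
]
```

A 2xx status on a flagged entry means the server honored a request for another account's alerts, which is the condition to alert on when reviewing historical logs.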