This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper validation of the ‘mode’ parameter in the API endpoint used during the registration process. An authenticated remote attacker could exploit this vulnerability by manipulating parameter in the API request body on the vulnerable application.
Successful exploitation of this vulnerability could allow the attacker to bypass certain constraints in the registration process leading to creation of multiple accounts.
References
Link | Resource |
---|---|
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0291 | Third Party Advisory |
Configurations
History
18 Sep 2024, 19:55
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:reedos:aim-star:2.0.1:*:*:*:*:*:*:* | |
Summary |
|
|
References | () https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0291 - Third Party Advisory | |
First Time |
Reedos aim-star
Reedos |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
11 Sep 2024, 12:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-11 12:15
Updated : 2024-09-18 19:55
NVD link : CVE-2024-45789
Mitre link : CVE-2024-45789
CVE.ORG link : CVE-2024-45789
JSON object : View
Products Affected
reedos
- aim-star
CWE
CWE-354
Improper Validation of Integrity Check Value