CVE-2024-45789 MEDIUM

CVE-2024-45789: Parameter Tampering Vulnerability

Vendor Reedos Software Solutions
Product Mutual Fund Distribution Product (aiM-Star)
Weakness CWE-354
Published September 11, 2024
Last update September 11, 2024

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper validation of the ‘mode’ parameter in the API endpoint used during the registration process. An authenticated remote attacker could exploit this vulnerability by manipulating the parameter in the API request body sent to the vulnerable application. Successful exploitation could allow the attacker to bypass certain constraints in the registration process, leading to the creation of multiple accounts.

Key dates

02 Disclosure timeline

September 11, 2024 CVE published
September 11, 2024 Record updated