CVE-2024-51561 : BROKERAGE TECHNOLOGY SOLUTIONS AERO API ENDPOINT RELIANCE ON UNTRUSTED INPUTS IN A SECURITY DECISION

Description

This vulnerability exists in Aero due to improper implementation of the OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by intercepting and manipulating the responses exchanged during the second-factor authentication process. Successful exploitation of this vulnerability could allow the attacker to bypass OTP verification and access other user accounts.

References

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0332

CVE-2024-51136 : OPENIMAJ 1.3.10 DMOZ2CSV XML EXTERNAL ENTITY REFERENCE

Description An XML External Entity (XXE) vulnerability in Dmoz2CSV in openimaj v1.3.10 allows attackers to access sensitive information or execute

CVE-2024-48809 : OPEN NETWORKING FOUNDATION SDRAN-IN-A-BOX/ONOS-A1T DELETEWATCHER DENIAL OF SERVICE

Description An issue in Open Networking Foundations sdran-in-a-box v.1.4.3 and onos-a1t v.0.2.3 allows a remote attacker to cause a denial

CVE-2024-45164 : AKAMAI SPS/APPS PORTAL SIA THREATAVERT THREATAVERTPOLICIES IMPROPER AUTHORIZATION

Description Akamai SIA (Secure Internet Access Enterprise) ThreatAvert, in SPS (Security and Personalization Services) before the latest 19.2.0 patch and