aiM-Star v2.0.1 vulnerability: Bypassing registration constraints
CVE-2024-45789

4.3MEDIUM

Key Information:

Vendor: Reedos Software Solutions
Status: Mutual Fund Distribution Product (aim-star)
Vendor: CVE Published:; 11 September 2024

🔔 Create Reedos Software Solutions Vulnerability Alert

What is CVE-2024-45789?

This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper validation of the ‘mode’ parameter in the API endpoint used during the registration process. An authenticated remote attacker could exploit this vulnerability by manipulating parameter in the API request body on the vulnerable application.

Successful exploitation of this vulnerability could allow the attacker to bypass certain constraints in the registration process leading to creation of multiple accounts.

Affected Version(s)

Mutual Fund Distribution Product (aiM-Star) 2.0.1

References

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOT...

third-party-advisory

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 11, 2024
Vulnerability Reserved
Sep 9, 2024

Credit

This vulnerability is reported by Mohit Gadiya.