CVE-2024-45787

HIGH Year: 2024
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-359
View all →

Vulnerability Description

This vulnerability exists in Reedos aiM-Star version 2.0.1 due to transmission of sensitive information in plain text in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter through API request URL and intercepting response of the API request leading to exposure of sensitive information belonging to other users.

Related Vulnerabilities

CVE-2022-20942

MEDIUM
CVSS:6.5(Medium)

A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA), Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance, formerly known as Cisco Web Security ...

CWE-3592022

CVE-2023-22918

MEDIUM
CVSS:6.5(Medium)

A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W)...

CWE-3592023

CVE-2024-13228

MEDIUM
CVSS:6.5(Medium)

The Qubely – Advanced Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.13 via the 'qubely_get_content'. This makes it pos...

CWE-3592024

CVE-2024-27850

MEDIUM
CVSS:6.5(Medium)

This issue was addressed with improvements to the noise injection algorithm. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, Safari 17.5, iOS 17.5 and iPadOS 17.5. A maliciously crafted webpag...

CWE-3592024

CVE-2024-29987

MEDIUM
CVSS:6.5(Medium)

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

CWE-3592024

CVE-2024-42347

MEDIUM
CVSS:6.5(Medium)

matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews ...

CWE-3592024