{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-45789", "assignerOrgId": "66834db9-ab24-42b4-be80-296b2e40335c", "state": "PUBLISHED", "assignerShortName": "CERT-In", "dateReserved": "2024-09-09T11:02:56.323Z", "datePublished": "2024-09-11T12:00:28.464Z", "dateUpdated": "2024-09-11T13:29:41.194Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Mutual Fund Distribution Product (aiM-Star)", "vendor": "Reedos Software Solutions", "versions": [{"status": "affected", "version": "2.0.1"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "This vulnerability is reported by Mohit Gadiya."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper validation of the \u2018mode\u2019 parameter in the API endpoint used during the registration process. An authenticated remote attacker could exploit this vulnerability by manipulating parameter in the API request body on the vulnerable application.<br><br>Successful exploitation of this vulnerability could allow the attacker to bypass certain constraints in the registration process leading to creation of multiple accounts."}], "value": "This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper validation of the \u2018mode\u2019 parameter in the API endpoint used during the registration process. An authenticated remote attacker could exploit this vulnerability by manipulating parameter in the API request body on the vulnerable application.\n\nSuccessful exploitation of this vulnerability could allow the attacker to bypass certain constraints in the registration process leading to creation of multiple accounts."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 6.9, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-354", "description": "CWE-354: Improper Validation of Integrity Check Value", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "66834db9-ab24-42b4-be80-296b2e40335c", "shortName": "CERT-In", "dateUpdated": "2024-09-11T12:00:28.464Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0291"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Upgrade Reedos Mutual Fund Distribution Product (aiM-Star) to version 2.0.2<br>"}], "value": "Upgrade Reedos Mutual Fund Distribution Product (aiM-Star) to version 2.0.2"}], "source": {"discovery": "UNKNOWN"}, "title": "Parameter Tampering Vulnerability", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "reedos", "product": "aim-star", "cpes": ["cpe:2.3:a:reedos:aim-star:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "2.0.1", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-11T13:19:15.979131Z", "id": "CVE-2024-45789", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T13:29:41.194Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-45789", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-11T13:19:15.979131Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:reedos:aim-star:*:*:*:*:*:*:*:*"], "vendor": "reedos", "product": "aim-star", "versions": [{"status": "affected", "version": "2.0.1"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T13:29:33.912Z"}}], "cna": {"title": "Parameter Tampering Vulnerability", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "This vulnerability is reported by Mohit Gadiya."}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Reedos Software Solutions", "product": "Mutual Fund Distribution Product (aiM-Star)", "versions": [{"status": "affected", "version": "2.0.1"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade Reedos Mutual Fund Distribution Product (aiM-Star) to version 2.0.2", "supportingMedia": [{"type": "text/html", "value": "Upgrade Reedos Mutual Fund Distribution Product (aiM-Star) to version 2.0.2<br>", "base64": false}]}], "references": [{"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0291", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper validation of the \u2018mode\u2019 parameter in the API endpoint used during the registration process. An authenticated remote attacker could exploit this vulnerability by manipulating parameter in the API request body on the vulnerable application.\n\nSuccessful exploitation of this vulnerability could allow the attacker to bypass certain constraints in the registration process leading to creation of multiple accounts.", "supportingMedia": [{"type": "text/html", "value": "This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper validation of the \u2018mode\u2019 parameter in the API endpoint used during the registration process. An authenticated remote attacker could exploit this vulnerability by manipulating parameter in the API request body on the vulnerable application.<br><br>Successful exploitation of this vulnerability could allow the attacker to bypass certain constraints in the registration process leading to creation of multiple accounts.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-354", "description": "CWE-354: Improper Validation of Integrity Check Value"}]}], "providerMetadata": {"orgId": "66834db9-ab24-42b4-be80-296b2e40335c", "shortName": "CERT-In", "dateUpdated": "2024-09-11T12:00:28.464Z"}}}, "cveMetadata": {"cveId": "CVE-2024-45789", "state": "PUBLISHED", "dateUpdated": "2024-09-11T13:29:41.194Z", "dateReserved": "2024-09-09T11:02:56.323Z", "assignerOrgId": "66834db9-ab24-42b4-be80-296b2e40335c", "datePublished": "2024-09-11T12:00:28.464Z", "assignerShortName": "CERT-In"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:reedos:aim-star:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "B863974A-47F2-4A3A-9614-26F30737B0FD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper validation of the \u2018mode\u2019 parameter in the API endpoint used during the registration process. An authenticated remote attacker could exploit this vulnerability by manipulating parameter in the API request body on the vulnerable application.\n\nSuccessful exploitation of this vulnerability could allow the attacker to bypass certain constraints in the registration process leading to creation of multiple accounts."}, {"lang": "es", "value": "Esta vulnerabilidad existe en la versi\u00f3n 2.0.1 de Reedos aiM-Star debido a una validaci\u00f3n incorrecta del par\u00e1metro 'mode' en el endpoint de la API utilizado durante el proceso de registro. Un atacante remoto autenticado podr\u00eda aprovechar esta vulnerabilidad manipulando el par\u00e1metro en el cuerpo de la solicitud de la API en la aplicaci\u00f3n vulnerable. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir al atacante eludir ciertas restricciones en el proceso de registro, lo que llevar\u00eda a la creaci\u00f3n de m\u00faltiples cuentas."}], "id": "CVE-2024-45789", "lastModified": "2024-09-18T19:55:58.287", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "LOW", "vulnerableSystemConfidentiality": "NONE", "vulnerableSystemIntegrity": "NONE"}, "source": "vdisclose@cert-in.org.in", "type": "Secondary"}]}, "published": "2024-09-11T12:15:02.343", "references": [{"source": "vdisclose@cert-in.org.in", "tags": ["Third Party Advisory"], "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0291"}], "sourceIdentifier": "vdisclose@cert-in.org.in", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-354"}], "source": "vdisclose@cert-in.org.in", "type": "Primary"}]}

{}