CVE Vulnerabilities

CVE-2024-45788

Improper Control of Interaction Frequency

Published: Sep 11, 2024 | Modified: Sep 18, 2024
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing rate limiting on OTP requests in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoints which could lead to the OTP bombing/flooding on the targeted system.

Weakness

The product does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests.

Affected Software

Name Vendor Start Version End Version
Aim-star Reedos 2.0.1 (including) 2.0.1 (including)

References