cbcvebase.
CVE-2024-45788
published 2024-09-11

CVE-2024-45788: This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing rate limiting on OTP requests in certain API endpoints. An authenticated remote…

PriorityP344high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
0.50%
38.9th percentile
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing rate limiting on OTP requests in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoints which could lead to the OTP bombing/flooding on the targeted system.

Affected

2 ranges
VendorProductVersion rangeFixed in
reedosaim-star
reedos_software_solutionsmutual_fund_distribution_product

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv4.08.7HIGHCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.