VYPR
Vendor

Wave

Products
3
CVEs
7
Across products
7
Status
Private

Products

3

Recent CVEs

7
  • CVE-2024-51558CriNov 4, 2024
    risk 0.64cvss 9.8epss 0.01

    This vulnerability exists in the Wave 2.0 due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack against legitimate user OTP, MPIN or password, which…

  • CVE-2024-51559MedNov 4, 2024
    risk 0.42cvss 6.5epss 0.00

    This vulnerability exists in the Wave 2.0 due to improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating API input parameters to gain unauthorized access and perform malicious activities on other…

  • CVE-2024-51557MedNov 4, 2024
    risk 0.42cvss 6.5epss 0.00

    This vulnerability exists in the Wave 2.0 due to missing rate limiting on OTP requests in an API endpoint. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoint which could lead to the OTP…

  • CVE-2024-51556MedNov 4, 2024
    risk 0.42cvss 6.5epss 0.00

    This vulnerability exists in the Wave 2.0 due to insufficient encryption of sensitive data received at the API response. An authenticated remote attacker could exploit this vulnerability by manipulating API input parameters through API request URL/payload leading to unauthorized…

  • CVE-2024-51560MedNov 4, 2024
    risk 0.28cvss 4.3epss 0.00

    This vulnerability exists in the Wave 2.0 due to improper exception handling for invalid inputs at certain API endpoint. An authenticated remote attacker could exploit this vulnerability by providing invalid inputs for “userId” parameter in the API request leading to…

  • CVE-2013-3578Jul 15, 2013
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in the Help Desk application in Wave EMBASSY Remote Administration Server (ERAS) allows remote authenticated users to execute arbitrary SQL commands via the ct100$4MainController$TextBoxSearchValue parameter (aka the search field), leading to…

  • CVE-2013-3577Jul 15, 2013
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the Help Desk application in Wave EMBASSY Remote Administration Server (ERAS) allows remote attackers to execute arbitrary SQL commands via the ct100$4MainController$TextBoxSearchValue parameter (aka the search field).