Vulnerability Details CVE-2024-51557
This vulnerability exists in the Wave 2.0 due to missing rate limiting on OTP requests in an API endpoint. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoint which could lead to the OTP bombing/flooding on the targeted system.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 27.1%
CVSS Severity
CVSS v3 Score 6.5