CVE-2024-47654

High

This vulnerability exists in Shilpi Client Dashboard due to lack of rate limiting and Captcha protection for OTP requests in certain API…

CERT-In·CWE-799·Published 2024-10-04

CVSS

7.5

EPSS

0.00

KEV

Exploits

cve.orgen

340 chars

This vulnerability exists in Shilpi Client Dashboard due to lack of rate limiting and Captcha protection for OTP requests in certain API endpoint. An unauthenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoints, which could lead to the OTP bombing on the targeted system.

NVDen

340 chars

NVDes

385 chars

Esta vulnerabilidad existe en Shilpi Client Dashboard debido a la falta de limitación de velocidad y protección Captcha para solicitudes OTP en ciertos endpoints de API. Un atacante remoto no autenticado podría aprovechar esta vulnerabilidad enviando múltiples solicitudes OTP a través de endpoints de API vulnerables, lo que podría provocar el bombardeo de OTP en el sistema objetivo.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.0	Primary	cve.org	7.1	—	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N