This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Transaction module of vulnerable application. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which could lead to compromise of other user accounts.
References
Link | Resource |
---|---|
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0281 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
04 Sep 2024, 12:15
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
03 Sep 2024, 19:55
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0281 - Third Party Advisory | |
First Time |
Symphonyfintech xts Web Trader
Symphonyfintech Symphonyfintech xts Mobile Trader |
|
CPE | cpe:2.3:a:symphonyfintech:xts_web_trader:2.0.0.1:p160:*:*:*:*:*:* cpe:2.3:a:symphonyfintech:xts_mobile_trader:2.0.0.1:p160:*:*:*:*:*:* |
|
CWE | NVD-CWE-Other | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
03 Sep 2024, 10:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-03 10:15
Updated : 2024-09-04 12:15
NVD link : CVE-2024-45587
Mitre link : CVE-2024-45587
CVE.ORG link : CVE-2024-45587
JSON object : View
Products Affected
symphonyfintech
- xts_mobile_trader
- xts_web_trader
CWE