This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Preference module of the application. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which could lead to unauthorized access and modification of sensitive information belonging to other users.
References
Link | Resource |
---|---|
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0281 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
04 Sep 2024, 12:15
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
03 Sep 2024, 19:46
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0281 - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.1 |
CPE | cpe:2.3:a:symphonyfintech:xts_web_trader:2.0.0.1:p160:*:*:*:*:*:* cpe:2.3:a:symphonyfintech:xts_mobile_trader:2.0.0.1:p160:*:*:*:*:*:* |
|
First Time |
Symphonyfintech xts Web Trader
Symphonyfintech Symphonyfintech xts Mobile Trader |
03 Sep 2024, 11:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-03 11:15
Updated : 2024-09-04 12:15
NVD link : CVE-2024-45588
Mitre link : CVE-2024-45588
CVE.ORG link : CVE-2024-45588
JSON object : View
Products Affected
symphonyfintech
- xts_mobile_trader
- xts_web_trader
CWE
CWE-863
Incorrect Authorization