CVE-2024-45587

This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Transaction module of vulnerable application. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which could lead to compromise of other user accounts.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:symphonyfintech:xts_mobile_trader:2.0.0.1:p160:*:*:*:*:*:*
cpe:2.3:a:symphonyfintech:xts_web_trader:2.0.0.1:p160:*:*:*:*:*:*

History

04 Sep 2024, 12:15

Type Values Removed Values Added
Summary
  • (es) Esta vulnerabilidad existe en la plataforma Symphony XTS Web Trading versión 2.0.0.1_P160 debido a controles de acceso inadecuados en las API del módulo Transacción de la aplicación vulnerable. Un atacante remoto autenticado podría aprovechar esta vulnerabilidad manipulando parámetros a través de una solicitud HTTP, lo que podría provocar la vulneración de otras cuentas de usuario.

03 Sep 2024, 19:55

Type Values Removed Values Added
References () https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0281 - () https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0281 - Third Party Advisory
CWE NVD-CWE-Other
CPE cpe:2.3:a:symphonyfintech:xts_web_trader:2.0.0.1:p160:*:*:*:*:*:*
cpe:2.3:a:symphonyfintech:xts_mobile_trader:2.0.0.1:p160:*:*:*:*:*:*
First Time Symphonyfintech
Symphonyfintech xts Mobile Trader
Symphonyfintech xts Web Trader
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8

03 Sep 2024, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-03 10:15

Updated : 2024-09-04 12:15


NVD link : CVE-2024-45587

Mitre link : CVE-2024-45587

CVE.ORG link : CVE-2024-45587


JSON object : View

Products Affected

symphonyfintech

  • xts_web_trader
  • xts_mobile_trader
CWE
NVD-CWE-Other CWE-863

Incorrect Authorization