This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Preference module of the application. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which could lead to unauthorized access and modification of sensitive information belonging to other users.
References
Link | Resource |
---|---|
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0281 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
04 Sep 2024, 12:15
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
03 Sep 2024, 19:46
Type | Values Removed | Values Added |
---|---|---|
First Time |
Symphonyfintech
Symphonyfintech xts Mobile Trader Symphonyfintech xts Web Trader |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.1 |
CPE | cpe:2.3:a:symphonyfintech:xts_web_trader:2.0.0.1:p160:*:*:*:*:*:* cpe:2.3:a:symphonyfintech:xts_mobile_trader:2.0.0.1:p160:*:*:*:*:*:* |
|
References | () https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0281 - Third Party Advisory |
03 Sep 2024, 11:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-03 11:15
Updated : 2024-09-04 12:15
NVD link : CVE-2024-45588
Mitre link : CVE-2024-45588
CVE.ORG link : CVE-2024-45588
JSON object : View
Products Affected
symphonyfintech
- xts_web_trader
- xts_mobile_trader
CWE
CWE-863
Incorrect Authorization