Vulnerabilities > CVE-2024-45586 - Unspecified vulnerability in Symphonyfintech XTS Mobile Trader and XTS web Trader

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

symphonyfintech

NVD

Published: 2024-09-03

Updated: 2024-09-04

Summary

This vulnerability exists due to improper access controls on APIs in the Authentication module of Symphony XTS Web Trading and Mobile Trading platforms (version 2.0.0.1_P160). An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which could lead to unauthorized account take over belonging to other users.

Vulnerable Configurations

Part	Description	Count
Application	Symphonyfintech Symphonyfintech XTS Mobile Trader 2.0.0.1 Symphonyfintech XTS WEB Trader 2.0.0.1	2

References

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0281