Vulnerabilities > CVE-2024-45587 - Unspecified vulnerability in Symphonyfintech XTS Mobile Trader and XTS web Trader

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

symphonyfintech

NVD

Published: 2024-09-03

Updated: 2024-09-04

Summary

This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Transaction module of vulnerable application. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which could lead to compromise of other user accounts.

Vulnerable Configurations

Part	Description	Count
Application	Symphonyfintech Symphonyfintech XTS Mobile Trader 2.0.0.1 Symphonyfintech XTS WEB Trader 2.0.0.1	2

References

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0281