Vulnerabilities > CVE-2024-45588 - Incorrect Authorization vulnerability in Symphonyfintech XTS Mobile Trader and XTS web Trader

CVSS 8.1 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

symphonyfintech

CWE-863

NVD

Published: 2024-09-03

Updated: 2024-09-04

Summary

This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Preference module of the application. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which could lead to unauthorized access and modification of sensitive information belonging to other users.

Vulnerable Configurations

Part	Description	Count
Application	Symphonyfintech Symphonyfintech XTS Mobile Trader 2.0.0.1 Symphonyfintech XTS WEB Trader 2.0.0.1	2

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0281