CVE-2024-45587
HIGHSymphony XTS Web Trading Platform 2.0.0.1_P160 - Authenticated Incorrect Authorization in Transaction Module API
Title source: llmDescription
This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Transaction module of vulnerable application. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which could lead to compromise of other user accounts.
References (1)
Core 1
Core References
Third Party Advisory third-party-advisory
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0281
Scores
CVSS v3
8.8
EPSS
0.0042
EPSS Percentile
33.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-863
Status
published
Products (2)
symphonyfintech/xts_mobile_trader
2.0.0.1 p160
symphonyfintech/xts_web_trader
2.0.0.1 p160
Published
Sep 03, 2024
Tracked Since
Feb 18, 2026