CVE-2024-45588

HIGH

Symphony XTS Web Trading Platform 2.0.0.1_P160 - Authenticated Incorrect Authorization in Preference Module API

Title source: llm

Description

This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Preference module of the application. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which could lead to unauthorized access and modification of sensitive information belonging to other users.

References (1)

Core 1

Core References

Third Party Advisory third-party-advisory

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0281

Scores

CVSS v3 8.1

EPSS 0.0036

EPSS Percentile 28.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-863

Status published

Products (2)

symphonyfintech/xts_mobile_trader 2.0.0.1 p160

symphonyfintech/xts_web_trader 2.0.0.1 p160

Published Sep 03, 2024

Tracked Since Feb 18, 2026