exploitDog

CVE-2024-45586

Опубликовано: 03 сент. 2024

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

This vulnerability exists due to improper access controls on APIs in the Authentication module of Symphony XTS Web Trading and Mobile Trading platforms (version 2.0.0.1_P160). An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which could lead to unauthorized account take over belonging to other users.

Ссылки

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0281
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:symphonyfintech:xts_mobile_trader:2.0.0.1:p160:*:*:*:*:*:*

cpe:2.3:a:symphonyfintech:xts_web_trader:2.0.0.1:p160:*:*:*:*:*:*

EPSS

Процентиль: 73%

0.0075

Низкий

8.8 High

CVSS3

Дефекты

CWE-863

NVD-CWE-Other

Связанные уязвимости

GHSA-hvhq-mcxw-w38r

CVSS3: 8.8

github

больше 1 года назад

This vulnerability exists due to improper access controls on APIs in the Authentication module of Symphony XTS Web Trading and Mobile Trading platforms (version 2.0.0.1_P160). An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which could lead to unauthorized account take over belonging to other users.

EPSS

Процентиль: 73%

0.0075

Низкий

8.8 High

CVSS3

Дефекты

CWE-863

NVD-CWE-Other