Описание
This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Transaction module of vulnerable application. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which could lead to compromise of other user accounts.
Ссылки
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:symphonyfintech:xts_mobile_trader:2.0.0.1:p160:*:*:*:*:*:*
cpe:2.3:a:symphonyfintech:xts_web_trader:2.0.0.1:p160:*:*:*:*:*:*
EPSS
Процентиль: 66%
0.00517
Низкий
8.8 High
CVSS3
Дефекты
CWE-863
NVD-CWE-Other
Связанные уязвимости
CVSS3: 8.8
github
больше 1 года назад
This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Transaction module of vulnerable application. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which could lead to compromise of other user accounts.
EPSS
Процентиль: 66%
0.00517
Низкий
8.8 High
CVSS3
Дефекты
CWE-863
NVD-CWE-Other