exploitDog

CVE-2024-45588

Опубликовано: 03 сент. 2024

Источник: nvd

CVSS3: 8.1

EPSS Низкий

Описание

This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Preference module of the application. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which could lead to unauthorized access and modification of sensitive information belonging to other users.

Ссылки

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0281
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:symphonyfintech:xts_mobile_trader:2.0.0.1:p160:*:*:*:*:*:*

cpe:2.3:a:symphonyfintech:xts_web_trader:2.0.0.1:p160:*:*:*:*:*:*

EPSS

Процентиль: 37%

0.00157

Низкий

8.1 High

CVSS3

Дефекты

CWE-863

CWE-863

Связанные уязвимости

GHSA-mcwc-jfpx-gq94

CVSS3: 8.1

github

больше 1 года назад

This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Preference module of the application. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which could lead to unauthorized access and modification of sensitive information belonging to other users.

EPSS

Процентиль: 37%

0.00157

Низкий

8.1 High

CVSS3

Дефекты

CWE-863

CWE-863