CVE-2024-45587

EPSS 0.7%
Veröffentlicht 03.09.2024 10:15:06
Zuletzt bearbeitet 04.09.2024 12:15:05
Quelle vdisclose@cert-in.org.in
CVE-Watchlists
Login
Unerledigt
Login

This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Transaction module of vulnerable application. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which could lead to compromise of other user accounts.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Symphonyfintech ≫ Xts Mobile Trader Version2.0.0.1 Updatep160

Symphonyfintech ≫ Xts Web Trader Version2.0.0.1 Updatep160

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.7%	0.715

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vdisclose@cert-in.org.in	9.1	0	0	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0281

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-45587

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-45587

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-45587

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-45587