CVE-2024-45588

EPSS 0.16%
Veröffentlicht 03.09.2024 11:15:15
Zuletzt bearbeitet 04.09.2024 12:15:05
Quelle vdisclose@cert-in.org.in
CVE-Watchlists
Login
Unerledigt
Login

This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Preference module of the application. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which could lead to unauthorized access and modification of sensitive information belonging to other users.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Symphonyfintech ≫ Xts Mobile Trader Version2.0.0.1 Updatep160

Symphonyfintech ≫ Xts Web Trader Version2.0.0.1 Updatep160

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.16%	0.369

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
vdisclose@cert-in.org.in	9.1	0	0	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0281

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-45588

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-45588

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-45588

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-45588