CVE-2024-45586

Summary

This vulnerability exists due to improper access controls on APIs in the Authentication module of Symphony XTS Web Trading and Mobile Trading platforms (version 2.0.0.1_P160). An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which could lead to unauthorized account take over belonging to other users.

Affected Software

VendorProductVersion RangeStatus
Symphony FintechXTS Web Trader2.0.0.1_P160affected
Symphony FintechXTS Mobile Trader2.0.0.1_P160affected

Weaknesses

  • CWE-863: CWE-863: Incorrect Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References