CVE-2024-45587 CRITICAL

CVE-2024-45587: Unauthorized Modification Vulnerability

Vendor Symphony Fintech

Product XTS Web Trader

Weakness CWE-863 · Incorrect authorization

Published September 3, 2024

Last update September 4, 2024

View on NVD All CVEs

CVSS base score

9.1/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Transaction module of vulnerable application. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which could lead to compromise of other user accounts.

Key dates

02Disclosure timeline

September 3, 2024 CVE published

September 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-45587 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/863.html

Related vulnerabilities

CVE-2024-45587: Unauthorized Modification Vulnerability

01Description

02Disclosure timeline

03References

04Related CVE