CVE-2024-45586

Name of the Vulnerable Software and Affected Versions: Symphony XTS Web Trading and Mobile Trading platforms version 2.0.0.1 P160

Description: This issue exists due to improper access controls on APIs in the Authentication module. An authenticated remote attacker could exploit this by manipulating parameters through HTTP requests, potentially leading to unauthorized account takeovers belonging to other users.

Recommendations: For version 2.0.0.1 P160, consider disabling the Authentication module until a patch is available to prevent exploitation. Restrict access to the vulnerable API endpoints to minimize the risk of unauthorized account takeovers. Avoid using manipulated parameters in HTTP requests until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.