PT-2024-31690 · Unknown · Symphony Xts Web Trading Platform
Mohit Gadiya · Published 2024-09-03 · Updated 2024-09-07 · CVE-2024-45587
CVSS v4.0: 9.1 Critical
Vector: AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions:
Symphony XTS Web Trading platform version 2.0.0.1 P160
Description:
This issue exists due to improper access controls on APIs in the Transaction module of the vulnerable application. An authenticated remote attacker could exploit this by manipulating parameters through HTTP requests, potentially leading to the compromise of other user accounts.
Recommendations:
For Symphony XTS Web Trading platform version 2.0.0.1 P160, consider restricting access to the Transaction module until a patch is available. As a temporary workaround, avoid using the vulnerable APIs in the Transaction module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.
Fix
Incorrect Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Symphony Xts Web Trading Platform