Vulnerability Details CVE-2024-45586
This vulnerability exists due to improper access controls on APIs in the Authentication module of Symphony XTS Web Trading and Mobile Trading platforms (version 2.0.0.1_P160). An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which could lead to unauthorized account take over belonging to other users.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 73.2%
CVSS Severity
CVSS v3 Score 8.8
Products affected by CVE-2024-45586
-
cpe:2.3:a:symphonyfintech:xts_mobile_trader:2.0.0.1
-
cpe:2.3:a:symphonyfintech:xts_web_trader:2.0.0.1