Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

XTS Mobile Trader

Source -

CNA

CNA CVEs -

1

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
1Vulnerabilities found
CVE-2024-45586
Assigner-Indian Computer Emergency Response Team (CERT-In)
ShareView Details
Assigner-Indian Computer Emergency Response Team (CERT-In)
CVSS Score-9.2||CRITICAL
EPSS-0.25% / 48.29%
||
7 Day CHG~0.00%
Published-03 Sep, 2024 | 10:02
Updated-04 Sep, 2024 | 12:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Account Take Over Vulnerability

This vulnerability exists due to improper access controls on APIs in the Authentication module of Symphony XTS Web Trading and Mobile Trading platforms (version 2.0.0.1_P160). An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which could lead to unauthorized account take over belonging to other users.

Action-Not Available
Vendor-symphonyfintechSymphony Fintechsymphonyfintech
Product-xts_mobile_traderxts_web_traderXTS Mobile TraderXTS Web Traderxts_mobile_traderxts_web_trader
CWE ID-CWE-863
Incorrect Authorization