CVE-2024-45587

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Sep 3, 2024
Updated: Sep 4, 2024
CWE ID 863

Summary

CVE-2024-45587 is a high-severity vulnerability affecting the Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs within its Transaction module. An authenticated remote attacker can exploit this flaw by manipulating parameters in HTTP requests, potentially compromising other user accounts. The vulnerability has a base score of 8.8 and an exploitability score of 2.8, indicating a low attack complexity and requiring minimal privileges to exploit. Organizations using the affected products, identified as 'yS-KbQ', 'yUM1F7', and 'yUKfcY', are advised to implement proper access control measures and update their systems to mitigate the risk posed by this vulnerability. Failure to address this issue could result in significant impacts on confidentiality, integrity, and availability of user data within the affected systems.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share