CVE-2024-45588

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Sep 3, 2024
Updated: Sep 4, 2024
CWE ID 863

Summary

CVE-2024-45588 is a high-severity vulnerability in the Symphony XTS Web Trading platform version 2.0.0.1_P160, caused by improper access controls on APIs within the Preference module. An authenticated remote attacker can exploit this flaw by manipulating HTTP request parameters, potentially leading to unauthorized access to and modification of sensitive user information. The vulnerability has a CVSS base score of 8.1, indicating significant confidentiality and integrity impact, with low privileges required for exploitation and no user interaction needed. Organizations using the affected version are advised to implement appropriate access control measures and update their systems to mitigate this risk. For further guidance, users can refer to resources such as the advisory provided by CERT-In.
