3 matches found
CVE-2024-45586
CVE-2024-45586 affects Symphony XTS Web Trading and Mobile Trading platforms, version 2.0.0.1_P160. The root cause is improper access controls in the Authentication module’s APIs. An authenticated, remote attacker can manipulate HTTP request parameters to perform an unauthorized account takeover ...
CVE-2024-45588
The CVE-2024-45588 entry describes a vulnerability in Symphony XTS Web Trading platform, version 2.0.0.1_P160, caused by improper access controls in the APIs of the Preference module. An authenticated remote attacker can manipulate HTTP parameters to access and modify sensitive information belong...
CVE-2024-45587
The CVE-2024-45587 issue affects Symphony XTS Web Trading platform 2.0.0.1_P160, arising from improper access controls in the APIs of the Transaction module. An authenticated remote attacker could manipulate parameters via HTTP requests to compromise other user accounts. The vulnerability is docu...