CVE-2024-45586
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2024-45586 is a vulnerability in the Authentication module of the Symphony XTS Web Trading and Mobile Trading platforms (version 2.0.0.1_P160), caused by improper access controls on APIs. An authenticated remote attacker can exploit this flaw by manipulating HTTP request parameters, potentially taking over other users' accounts. The vulnerability has been assigned a high severity rating with a CVSS base score of 8.8, indicating significant risks to confidentiality, integrity, and availability. Organizations should remediate this issue by applying security patches or updates provided by the vendor and by reviewing their API access control mechanisms to prevent exploitation. Failure to address this vulnerability could expose sensitive data and undermine user trust in the affected systems.