Missing Authentication, Files or Directories Accessible to External Parties, Use of Hard-coded Credentials vulnerability in Talya Informatics Elektraweb allows Authentication Bypass. This issue affects Elektraweb: before v17.0.68.
Advisories
Source: EUVD
ID: EUVD-2024-16728
Title: Improper Access Control, Missing Authorization, Incorrect Authorization, Incorrect Permission Assignment for Critical Resource, Missing Authentication, Weak Authentication, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Talya Informatics Elektraweb allows Exploiting Incorrectly Configured Access Control Security Levels, Manipulating Web Input to File System Calls, Embedding Scripts within Scripts, Malicious Logic Insertion, Modification of Windows Service Configuration, Malicious Root Certificate, Intent Spoof, WebView Exposure, Data Injected During Configuration, Incomplete Data Deletion in a Multi-Tenant Environment, Install New Service, Modify Existing Service, Install Rootkit, Replace File Extension Handlers, Replace Trusted Executable, Modify Shared File, Add Malicious File to Shared Webroot, Run Software at Logon, Disable Security Software. This issue affects Elektraweb: before v17.0.68.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 14 Oct 2025 13:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1390
CWE-284
CWE-732
CWE-862
CWE-863
CWE-923

Tue, 14 Oct 2025 13:15:00 +0000

Type Values Removed Values Added
First Time appeared Talya Informatics
Talya Informatics elektraweb
CPEs cpe:2.3:a:talya_informatics:elektraweb:*:*:*:*:*:*:*:*
Vendors & Products Talya Informatics
Talya Informatics elektraweb
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 14 Oct 2025 13:00:00 +0000

Type Values Removed Values Added
Description Improper Access Control, Missing Authorization, Incorrect Authorization, Incorrect Permission Assignment for Critical Resource, Missing Authentication, Weak Authentication, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Talya Informatics Elektraweb allows Exploiting Incorrectly Configured Access Control Security Levels, Manipulating Web Input to File System Calls, Embedding Scripts within Scripts, Malicious Logic Insertion, Modification of Windows Service Configuration, Malicious Root Certificate, Intent Spoof, WebView Exposure, Data Injected During Configuration, Incomplete Data Deletion in a Multi-Tenant Environment, Install New Service, Modify Existing Service, Install Rootkit, Replace File Extension Handlers, Replace Trusted Executable, Modify Shared File, Add Malicious File to Shared Webroot, Run Software at Logon, Disable Security Software. This issue affects Elektraweb: before v17.0.68. Missing Authentication, Files or Directories Accessible to External Parties, Use of Hard-coded Credentials vulnerability in Talya Informatics Elektraweb allows Authentication Bypass. This issue affects Elektraweb: before v17.0.68.
Weaknesses CWE-552
CWE-798

MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published:

Updated: 2025-10-14T12:33:41.539Z

Reserved: 2024-01-26T13:00:20.711Z

Link: CVE-2024-0949

Vulnrichment

Updated: 2024-08-01T18:26:28.980Z

NVD

Status: Awaiting Analysis

Published: 2024-06-27T10:15:13.013

Modified: 2025-10-14T13:15:33.347

Link: CVE-2024-0949

Redhat

No data.

OpenCVE Enrichment

No data.