OpenCVE

Authorization Bypass Through User-Controlled Key vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel APPS: before v17.0.68.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Talyabilisim	Travel Apps

Configuration 1 [-]

cpe:2.3:a:talyabilisim:travel_apps:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.usom.gov.tr/bildirim/tr-24-0809

History

Mon, 16 Sep 2024 19:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Talyabilisim Talyabilisim travel Apps
CPEs		cpe:2.3:a:talyabilisim:travel_apps::::::::
Vendors & Products		Talyabilisim Talyabilisim travel Apps

MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published: 2024-06-27T13:01:50.247Z

Updated: 2024-08-01T18:26:30.592Z

Reserved: 2024-01-31T11:55:36.897Z

Link: CVE-2024-1107

Vulnrichment

Updated: 2024-08-01T18:26:30.592Z

NVD

Status : Modified

Published: 2024-06-27T13:15:54.560

Modified: 2024-11-21T08:49:48.697

Link: CVE-2024-1107

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1107", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2024-01-31T11:55:36.897Z", "datePublished": "2024-06-27T13:01:50.247Z", "dateUpdated": "2024-08-01T18:26:30.592Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Travel APPS", "vendor": "Talya Informatics", "versions": [{"lessThan": "v17.0.68", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Mevra DEM\u0130RALAY"}, {"lang": "en", "type": "finder", "value": "Yusuf Kamil \u00c7AVU\u015eO\u011eLU"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Authorization Bypass Through User-Controlled Key vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Travel APPS: before v17.0.68.</p>"}], "value": "Authorization Bypass Through User-Controlled Key vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel APPS: before v17.0.68."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-639", "description": "CWE-639 Authorization Bypass Through User-Controlled Key", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2024-06-27T13:01:50.247Z"}, "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-24-0809"}], "source": {"advisory": "TR-24-0809", "defect": ["TR-24-0809"], "discovery": "UNKNOWN"}, "title": "IDOR in Talya Informatics' Travel APPS", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "talya_informatics", "product": "travel_apps", "cpes": ["cpe:2.3:a:talya_informatics:travel_apps:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "17.0.68", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-27T18:12:26.245262Z", "id": "CVE-2024-1107", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-27T18:15:29.308Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:26:30.592Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-24-0809", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-24-0809", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:26:30.592Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1107", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-06-27T18:12:26.245262Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:talya_informatics:travel_apps:*:*:*:*:*:*:*:*"], "vendor": "talya_informatics", "product": "travel_apps", "versions": [{"status": "affected", "version": "0", "lessThan": "17.0.68", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-27T18:15:25.463Z"}}], "cna": {"title": "IDOR in Talya Informatics' Travel APPS", "source": {"defect": ["TR-24-0809"], "advisory": "TR-24-0809", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Mevra DEM\u0130RALAY"}, {"lang": "en", "type": "finder", "value": "Yusuf Kamil \u00c7AVU\u015eO\u011eLU"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Talya Informatics", "product": "Travel APPS", "versions": [{"status": "affected", "version": "0", "lessThan": "v17.0.68", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-24-0809"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Authorization Bypass Through User-Controlled Key vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel APPS: before v17.0.68.", "supportingMedia": [{"type": "text/html", "value": "Authorization Bypass Through User-Controlled Key vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Travel APPS: before v17.0.68.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-639", "description": "CWE-639 Authorization Bypass Through User-Controlled Key"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2024-06-27T13:01:50.247Z"}}}, "cveMetadata": {"cveId": "CVE-2024-1107", "state": "PUBLISHED", "dateUpdated": "2024-08-01T18:26:30.592Z", "dateReserved": "2024-01-31T11:55:36.897Z", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "datePublished": "2024-06-27T13:01:50.247Z", "assignerShortName": "TR-CERT"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:talyabilisim:travel_apps:*:*:*:*:*:*:*:*", "matchCriteriaId": "35CC2D40-AADD-4C15-BC69-229A279024D6", "versionEndExcluding": "17.0.68", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Authorization Bypass Through User-Controlled Key vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel APPS: before v17.0.68."}, {"lang": "es", "value": "La vulnerabilidad de omisi\u00f3n de autorizaci\u00f3n a trav\u00e9s de clave controlada por el usuario en las aplicaciones de viaje de Talya Informatics permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a las aplicaciones de viaje: anteriores a v17.0.68."}], "id": "CVE-2024-1107", "lastModified": "2024-11-21T08:49:48.697", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "iletisim@usom.gov.tr", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-27T13:15:54.560", "references": [{"source": "iletisim@usom.gov.tr", "tags": ["Broken Link"], "url": "https://www.usom.gov.tr/bildirim/tr-24-0809"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://www.usom.gov.tr/bildirim/tr-24-0809"}], "sourceIdentifier": "iletisim@usom.gov.tr", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "iletisim@usom.gov.tr", "type": "Secondary"}]}