CVE-2024-1153 - OpenCVE

Improper Access Control vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel APPS: before v17.0.68.

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Talyabilisim	Travel Apps

Configuration 1 [-]

cpe:2.3:a:talyabilisim:travel_apps:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.usom.gov.tr/bildirim/tr-24-0809

History

Mon, 16 Sep 2024 18:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Talyabilisim Talyabilisim travel Apps
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:talyabilisim:travel_apps::::::::
Vendors & Products		Talyabilisim Talyabilisim travel Apps

MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published: 2024-06-27T13:09:28.115Z

Updated: 2024-08-01T18:26:30.554Z

Reserved: 2024-02-01T12:14:53.148Z

Link: CVE-2024-1153

Vulnrichment

Updated: 2024-08-01T18:26:30.554Z

NVD

Status : Analyzed

Published: 2024-06-27T14:15:12.957

Modified: 2024-09-16T17:39:45.023

Link: CVE-2024-1153

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1153", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2024-02-01T12:14:53.148Z", "datePublished": "2024-06-27T13:09:28.115Z", "dateUpdated": "2024-08-01T18:26:30.554Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Travel APPS", "vendor": "Talya Informatics", "versions": [{"lessThan": "v17.0.68", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Yusuf Kamil \u00c7AVU\u015eO\u011eLU"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Access Control vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Travel APPS: before v17.0.68.</p>"}], "value": "Improper Access Control vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel APPS: before v17.0.68."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2024-06-27T13:09:28.115Z"}, "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-24-0809"}], "source": {"advisory": "TR-24-0809", "defect": ["TR-24-0809"], "discovery": "UNKNOWN"}, "title": "Improper Access Control in Talya Informatics' Travel APPS", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-27T17:59:08.036815Z", "id": "CVE-2024-1153", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-27T17:59:15.062Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:26:30.554Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-24-0809", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-24-0809", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:26:30.554Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1153", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-27T17:59:08.036815Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-27T17:59:11.944Z"}}], "cna": {"title": "Improper Access Control in Talya Informatics' Travel APPS", "source": {"defect": ["TR-24-0809"], "advisory": "TR-24-0809", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Yusuf Kamil \u00c7AVU\u015eO\u011eLU"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Talya Informatics", "product": "Travel APPS", "versions": [{"status": "affected", "version": "0", "lessThan": "v17.0.68", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-24-0809"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Improper Access Control vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel APPS: before v17.0.68.", "supportingMedia": [{"type": "text/html", "value": "Improper Access Control vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Travel APPS: before v17.0.68.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2024-06-27T13:09:28.115Z"}}}, "cveMetadata": {"cveId": "CVE-2024-1153", "state": "PUBLISHED", "dateUpdated": "2024-08-01T18:26:30.554Z", "dateReserved": "2024-02-01T12:14:53.148Z", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "datePublished": "2024-06-27T13:09:28.115Z", "assignerShortName": "TR-CERT"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:talyabilisim:travel_apps:*:*:*:*:*:*:*:*", "matchCriteriaId": "35CC2D40-AADD-4C15-BC69-229A279024D6", "versionEndExcluding": "17.0.68", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Access Control vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel APPS: before v17.0.68."}, {"lang": "es", "value": "Una vulnerabilidad de control de acceso inadecuado en las aplicaciones de viaje de Talya Informatics permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a las aplicaciones de viaje: anteriores a v17.0.68."}], "id": "CVE-2024-1153", "lastModified": "2024-09-16T17:39:45.023", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.7, "impactScore": 3.6, "source": "iletisim@usom.gov.tr", "type": "Secondary"}]}, "published": "2024-06-27T14:15:12.957", "references": [{"source": "iletisim@usom.gov.tr", "tags": ["Broken Link"], "url": "https://www.usom.gov.tr/bildirim/tr-24-0809"}], "sourceIdentifier": "iletisim@usom.gov.tr", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "iletisim@usom.gov.tr", "type": "Secondary"}]}