Impact
HAVELSAN Inc.'s Geographic Tracking System contains an Improper Access Control vulnerability (CWE-284, CWE-862) that allows an attacker to access functionality that should be constrained by access control lists. The vulnerability could lead to unauthorized disclosure of sensitive geographic data or manipulation of tracking information, potentially compromising both the confidentiality and the integrity of the system. The CVSS score of 9.1 indicates a high severity. The description does not specify whether authentication is required; the threat stems from the lack of proper authorization checks, so the flaw may be exploitable by anyone who can reach the affected functions, whether through authenticated or unauthenticated channels.
Affected Systems
The vulnerability affects HAVELSAN Inc.'s Geographic Tracking System versions prior to v0.0.2.
Risk and Exploitability
With a CVSS score of 9.1 and no EPSS data available, the risk remains high but the likelihood of exploitation is uncertain. The vulnerability is not currently listed in the CISA KEV catalog, and no public exploits are known. The likely attack vector is network-based, targeting exposed APIs or web interfaces where access control checks are insufficient. An attacker could trigger the vulnerability by interacting with the impacted functions without proper authorization, potentially gaining unauthorized access to the system's data and controls.