CVE-2024-1107

Published: Jun 27, 2024Modified: Jun 3, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD (Secondary)

Description

Authorization Bypass Through User-Controlled Key vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Travel APPS: before v17.0.68.

Affected (1)

Products: Talyabilisim: Travel Apps

Talyabilisim

1 product

Travel Apps

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Talyabilisim Travel Apps	Before 17.0.68

Related CWEs

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (3)

https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-0809

Source: iletisim@usom.gov.tr

https://www.usom.gov.tr/bildirim/tr-24-0809

Source: iletisim@usom.gov.tr

Broken Link

https://www.usom.gov.tr/bildirim/tr-24-0809

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

Timeline

No history available yet.