CVE-2024-0949

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-0949
Missing Authentication, Files or Directories Accessible to External Parties, Use of Hard-coded Credentials vulnerability in Talya Informatics Elektraweb allows Authentication Bypass.This issue affects Elektraweb: before v17.0.68.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.usom.gov.tr/bildirim/tr-24-0808
https://www.usom.gov.tr/bildirim/tr-24-0808
Configurations

No configuration.

History

14 Oct 2025, 13:15

Type Values Removed Values Added
CWE CWE-923
CWE-863
CWE-1390
CWE-284
CWE-732
CWE-862		 CWE-798
CWE-552
Summary (en) Improper Access Control, Missing Authorization, Incorrect Authorization, Incorrect Permission Assignment for Critical Resource, Missing Authentication, Weak Authentication, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Talya Informatics Elektraweb allows Exploiting Incorrectly Configured Access Control Security Levels, Manipulating Web Input to File System Calls, Embedding Scripts within Scripts, Malicious Logic Insertion, Modification of Windows Service Configuration, Malicious Root Certificate, Intent Spoof, WebView Exposure, Data Injected During Configuration, Incomplete Data Deletion in a Multi-Tenant Environment, Install New Service, Modify Existing Service, Install Rootkit, Replace File Extension Handlers, Replace Trusted Executable, Modify Shared File, Add Malicious File to Shared Webroot, Run Software at Logon, Disable Security Software.This issue affects Elektraweb: before v17.0.68. (en) Missing Authentication, Files or Directories Accessible to External Parties, Use of Hard-coded Credentials vulnerability in Talya Informatics Elektraweb allows Authentication Bypass.This issue affects Elektraweb: before v17.0.68.
Information

Published : 2024-06-27 10:15

Updated : 2025-10-14 13:15

NVD link : CVE-2024-0949

Mitre link : CVE-2024-0949

CVE.ORG link : CVE-2024-0949

JSON object : View

Products Affected

No product.

CWE
CWE-306

Missing Authentication for Critical Function

CWE-552

Files or Directories Accessible to External Parties

CWE-798

Use of Hard-coded Credentials