Home

Description

Missing Authorization vulnerability in SAMPAŞ Holding AKOS (AkosCepVatandasService), SAMPAŞ Holding AKOS (TahsilatService) allows Collect Data as Provided by Users. This issue affects AKOS (AkosCepVatandasService): before V2.0; AKOS (TahsilatService): before V1.0.7.

PUBLISHED Reserved 2024-04-26 | Published 2024-09-03 | Updated 2026-02-11 | Assigner TR-CERT




MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Problem types

CWE-862 Missing Authorization

Product status

Default status
unaffected

Any version before V2.0
affected

Default status
unaffected

Any version before V1.0.7
affected

Credits

Mustafa Anıl YILDIRIM finder

Yasin TEKİN finder

References

www.usom.gov.tr/bildirim/tr-24-1377

cve.org (CVE-2024-4259)

nvd.nist.gov (CVE-2024-4259)

Download JSON