CVE-2024-1107

CRITICAL

Talya Informatics Travel APPS <v17.0.68 - Auth Bypass

Title source: llm

Description

Authorization Bypass Through User-Controlled Key vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Travel APPS: before v17.0.68.

References (2)

Core 2

Core References

Broken Link government-resource broken-link

https://www.usom.gov.tr/bildirim/tr-24-0809

Government Resource government-resource

https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-0809

Scores

CVSS v3 9.8

EPSS 0.0047

EPSS Percentile 36.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-639

Status published

Products (2)

Talya Informatics/Travel APPS < v17.0.68

talyabilisim/travel_apps < 17.0.68

Published Jun 27, 2024

Tracked Since Feb 18, 2026