CVE-2024-4259

CRITICAL

SAMPA Holding AKOS < 2024-09-02 - Missing Authorization in AkosCepVatandasService and TahsilatService

Title source: llm
STIX 2.1

Description

Missing Authorization vulnerability in SAMPAŞ Holding AKOS (AkosCepVatandasService), SAMPAŞ Holding AKOS (TahsilatService) allows Collect Data as Provided by Users. This issue affects AKOS (AkosCepVatandasService): before V2.0; AKOS (TahsilatService): before V1.0.7.

References (2)

Core 2
Core References
Broken Link government-resource broken-link
https://www.usom.gov.tr/bildirim/tr-24-1377

Scores

CVSS v3 9.8
EPSS 0.0050
EPSS Percentile 39.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-862
Status published
Products (3)
sambas/akos < 2024-09-02
SAMPAŞ Holding/AKOS (AkosCepVatandasService) < V2.0
SAMPAŞ Holding/AKOS (TahsilatService) < V1.0.7
Published Sep 03, 2024
Tracked Since Feb 18, 2026