CVE-2025-2311

CRITICAL

SecHard <3.3.0.20220411 - Privilege Escalation

Title source: llm

Description

Incorrect Use of Privileged APIs, Cleartext Transmission of Sensitive Information, and Insufficiently Protected Credentials vulnerabilities in Sechard Information Technologies SecHard allow Authentication Bypass, Interface Manipulation, Authentication Abuse, and Harvesting Information via API Event Monitoring. This issue affects SecHard: before 3.3.0.20220411.

References (2)

Core References
Third Party Advisory, US Government Resource, government-resource, broken-link
https://www.usom.gov.tr/bildirim/tr-25-0074

Scores

CVSS v3: 9.0
EPSS: 0.0016
EPSS Percentile: 5.7%
Attack Vector: ADJACENT_NETWORK
Vector String: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total

Details

CWE: CWE-319, CWE-522, CWE-648
Status: published
Products (1): Sechard Information Technologies/SecHard < 3.3.0.20220411
Published: Mar 20, 2025
Tracked Since: Feb 18, 2026