CVE-2024-0949 - Vulnerability Details

Missing Authentication, Files or Directories Accessible to External Parties, Use of Hard-coded Credentials vulnerability in Talya Informatics Elektraweb allows Authentication Bypass.This issue affects Elektraweb: before v17.0.68.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00182.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Talya Informatics	Elektraweb

No data.

References

Link	Providers
https://www.usom.gov.tr/bildirim/tr-24-0808

History

Tue, 14 Oct 2025 13:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-1390 CWE-284 CWE-732 CWE-862 CWE-863 CWE-923

Tue, 14 Oct 2025 13:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Talya Informatics Talya Informatics elektraweb
CPEs		cpe:2.3:a:talya_informatics:elektraweb::::::::
Vendors & Products		Talya Informatics Talya Informatics elektraweb
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 14 Oct 2025 13:00:00 +0000

Type	Values Removed	Values Added
Description	Improper Access Control, Missing Authorization, Incorrect Authorization, Incorrect Permission Assignment for Critical Resource, Missing Authentication, Weak Authentication, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Talya Informatics Elektraweb allows Exploiting Incorrectly Configured Access Control Security Levels, Manipulating Web Input to File System Calls, Embedding Scripts within Scripts, Malicious Logic Insertion, Modification of Windows Service Configuration, Malicious Root Certificate, Intent Spoof, WebView Exposure, Data Injected During Configuration, Incomplete Data Deletion in a Multi-Tenant Environment, Install New Service, Modify Existing Service, Install Rootkit, Replace File Extension Handlers, Replace Trusted Executable, Modify Shared File, Add Malicious File to Shared Webroot, Run Software at Logon, Disable Security Software.This issue affects Elektraweb: before v17.0.68.	Missing Authentication, Files or Directories Accessible to External Parties, Use of Hard-coded Credentials vulnerability in Talya Informatics Elektraweb allows Authentication Bypass.This issue affects Elektraweb: before v17.0.68.
Weaknesses		CWE-552 CWE-798

MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published: 2024-06-27T09:36:59.897Z

Updated: 2025-10-14T12:33:41.539Z

Reserved: 2024-01-26T13:00:20.711Z

Link: CVE-2024-0949

Vulnrichment

Updated: 2024-08-01T18:26:28.980Z

NVD

Status : Awaiting Analysis

Published: 2024-06-27T10:15:13.013

Modified: 2025-10-14T13:15:33.347

Link: CVE-2024-0949

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object