Talya Informatics 的 Elektraweb 中的访问控制不当(CVE-2024-0949)
CVE编号
CVE-2024-0949利用情况
暂无补丁情况
N/A披露时间
2024-06-27漏洞描述
Improper Access Control, Missing Authorization, Incorrect Authorization, Incorrect Permission Assignment for Critical Resource, Missing Authentication, Weak Authentication, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Talya Informatics Elektraweb allows Exploiting Incorrectly Configured Access Control Security Levels, Manipulating Web Input to File System Calls, Embedding Scripts within Scripts, Malicious Logic Insertion, Modification of Windows Service Configuration, Malicious Root Certificate, Intent Spoof, WebView Exposure, Data Injected During Configuration, Incomplete Data Deletion in a Multi-Tenant Environment, Install New Service, Modify Existing Service, Install Rootkit, Replace File Extension Handlers, Replace Trusted Executable, Modify Shared File, Add Malicious File to Shared Webroot, Run Software at Logon, Disable Security Software.This issue affects Elektraweb: before v17.0.68.解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
参考链接 |
|
|---|---|
| https://www.usom.gov.tr/bildirim/tr-24-0808 |
- 攻击路径 网络
- 攻击复杂度 低
- 权限要求 无
- 影响范围 未更改
- 用户交互 无
- 可用性 高
- 保密性 高
- 完整性 高
| CWE-ID | 漏洞类型 |
| CWE-1390 | Weak Authentication |
| CWE-284 | 访问控制不恰当 |
| CWE-306 | 关键功能的认证机制缺失 |
| CWE-732 | 关键资源的不正确权限授予 |
| CWE-862 | 授权机制缺失 |
| CWE-863 | 授权机制不正确 |
| CWE-923 | 通信信道对预期端点的不适当限制 |
Exp相关链接
版权声明
本站原创文章转载请注明文章出处及链接,谢谢合作!
评论