Lucene search

TR-CERTCVELIST:CVE-2024-3375

HistoryApr 29, 2024 - 9:00 a.m.

CVE-2024-3375 Broken Access Control in Havelsan's Dialogue

2024-04-2909:00:09

CWE-732

TR-CERT

www.cve.org

cve-2024-3375

broken access control

havelsan dialogue

incorrect permission assignment

critical resource

acls

vulnerability

functionality

v1.83

v1.83.1

v1.84

9.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

9.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.3%

JSON

Incorrect Permission Assignment for Critical Resource vulnerability in Havelsan Inc. Dialogue allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Dialogue: from v1.83 before v1.83.1 or v1.84.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Dialogue",
    "vendor": "Havelsan Inc.",
    "versions": [
      {
        "lessThan": "v1.83.1 or v1.84",
        "status": "affected",
        "version": "v1.83",
        "versionType": "custom"
      }
    ]
  }
]

References

www.usom.gov.tr/bildirim/tr-24-0363

9.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

9.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.3%

JSON

Related for CVELIST:CVE-2024-3375