CVE-2024-4259

Improper Privilege Management vulnerability in SAMPAŞ Holding AKOS (AkosCepVatandasService), SAMPAŞ Holding AKOS (TahsilatService) allows Collect Data as Provided by Users.This issue affects AKOS (AkosCepVatandasService): before V2.0; AKOS (TahsilatService): before V1.0.7.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.usom.gov.tr/bildirim/tr-24-1377	Broken Link

Configurations

Configuration 1 (hide)

cpe:2.3:a:sambas:akos:*:*:*:*:*:*:*:*

History

14 Mar 2025, 09:15

Type	Values Removed	Values Added
Summary	(en) Improper Privilege Management vulnerability in SAMPAŞ Holding AKOS allows Collect Data as Provided by Users.This issue affects AKOS: through 20240902. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.	(en) Improper Privilege Management vulnerability in SAMPAŞ Holding AKOS (AkosCepVatandasService), SAMPAŞ Holding AKOS (TahsilatService) allows Collect Data as Provided by Users.This issue affects AKOS (AkosCepVatandasService): before V2.0; AKOS (TahsilatService): before V1.0.7.

21 Nov 2024, 09:42

Type	Values Removed	Values Added
Summary	(en) Improper Privilege Management vulnerability in SAMPA? Holding AKOS allows Collect Data as Provided by Users.This issue affects AKOS: through 20240902. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.	(en) Improper Privilege Management vulnerability in SAMPAŞ Holding AKOS allows Collect Data as Provided by Users.This issue affects AKOS: through 20240902. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

05 Sep 2024, 14:14

Type	Values Removed	Values Added
Summary		(es) Vulnerabilidad de administración de privilegios incorrecta en SAMPA? Holding AKOS permite recopilar datos proporcionados por los usuarios. Este problema afecta a AKOS: hasta el 20240902. NOTA: Se contactó primeramente con el proveedor sobre esta divulgación, pero no respondió de ninguna manera.
CPE		cpe:2.3:a:sambas:akos::::::::
References	~~() https://www.usom.gov.tr/bildirim/tr-24-1377 -~~	() https://www.usom.gov.tr/bildirim/tr-24-1377 - Broken Link
First Time		Sambas akos Sambas
CWE		NVD-CWE-noinfo
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8

03 Sep 2024, 15:12

Type	Values Removed	Values Added
Summary	(en) Improper Privilege Management vulnerability in SAMPAŞ Holding AKOS allows Collect Data as Provided by Users.This issue affects AKOS: through 20240902. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.	(en) Improper Privilege Management vulnerability in SAMPA? Holding AKOS allows Collect Data as Provided by Users.This issue affects AKOS: through 20240902. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

03 Sep 2024, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-03 14:15

Updated : 2025-03-14 09:15

NVD link : CVE-2024-4259

Mitre link : CVE-2024-4259

CVE.ORG link : CVE-2024-4259

JSON object : View

Products Affected

sambas

akos

CWE

CWE-269

Improper Privilege Management

NVD-CWE-noinfo

9.8 /10