Search criteria
1 vulnerability by SAMPAŞ Holding
CVE-2024-4259 (GCVE-0-2024-4259)
Vulnerability from cvelistv5 – Published: 2024-09-03 13:15 – Updated: 2025-10-14 12:44
VLAI?
Title
Sensetive Data Exposure in SAMPAS's AKOS
Summary
Missing Authorization vulnerability in SAMPAŞ Holding AKOS (AkosCepVatandasService), SAMPAŞ Holding AKOS (TahsilatService) allows Collect Data as Provided by Users.
This issue affects AKOS (AkosCepVatandasService): before V2.0; AKOS (TahsilatService): before V1.0.7.
Severity ?
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| SAMPAŞ Holding | AKOS (AkosCepVatandasService) |
Affected:
0 , < V2.0
(custom)
|
|||||||
|
|||||||||
Credits
Mustafa Anıl YILDIRIM
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sampas_holding:akos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "akos",
"vendor": "sampas_holding",
"versions": [
{
"lessThanOrEqual": "20240902",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4259",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T13:35:12.532689Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T13:36:30.297Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AKOS (AkosCepVatandasService)",
"vendor": "SAMPA\u015e Holding",
"versions": [
{
"lessThan": "V2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AKOS (TahsilatService)",
"vendor": "SAMPA\u015e Holding",
"versions": [
{
"lessThan": "V1.0.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mustafa An\u0131l YILDIRIM"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in SAMPA\u015e Holding AKOS (AkosCepVatandasService), SAMPA\u015e Holding AKOS (TahsilatService) allows Collect Data as Provided by Users.\u003cp\u003e\nThis issue affects AKOS (AkosCepVatandasService): before V2.0; AKOS (TahsilatService): before V1.0.7.\n\n\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in SAMPA\u015e Holding AKOS (AkosCepVatandasService), SAMPA\u015e Holding AKOS (TahsilatService) allows Collect Data as Provided by Users.\nThis issue affects AKOS (AkosCepVatandasService): before V2.0; AKOS (TahsilatService): before V1.0.7."
}
],
"impacts": [
{
"capecId": "CAPEC-569",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-569 Collect Data as Provided by Users"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T12:44:08.873Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-24-1377"
}
],
"source": {
"advisory": "TR-24-1377",
"defect": [
"TR-24-1377"
],
"discovery": "UNKNOWN"
},
"title": "Sensetive Data Exposure in SAMPAS\u0027s AKOS",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2024-4259",
"datePublished": "2024-09-03T13:15:31.501Z",
"dateReserved": "2024-04-26T14:40:25.762Z",
"dateUpdated": "2025-10-14T12:44:08.873Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}