CVE-2024-0949
Published 2024-06-27
CVE-2024-0949: Missing Authentication, Files or Directories Accessible to External Parties, Use of Hard-coded Credentials vulnerability in Talya Informatics Elektraweb allows…
Priority P262 | critical | 9.8 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.53% (40.6th percentile)
Missing Authentication, Files or Directories Accessible to External Parties, Use of Hard-coded Credentials vulnerability in Talya Informatics Elektraweb allows Authentication Bypass.
This issue affects Elektraweb: before v17.0.68.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| talya_informatics | elektraweb | < v17.0.68 | v17.0.68 |
VulDB
Talya Informatics Elektraweb up to 17.0.67 access control
vuldb·2026-06-03·CVSS 9.8
CVE-2024-0949 [CRITICAL] Talya Informatics Elektraweb up to 17.0.67 access control
A vulnerability categorized as critical has been discovered in Talya Informatics Elektraweb up to 17.0.67. This affects an unknown function. Such manipulation leads to improper access controls.
This vulnerability is documented as CVE-2024-0949. The attack can be executed remotely. There is not any exploit available.
It is advisable to upgrade the affected component.
GHSA
GHSA-vh95-79cj-7hvx: Improper Access Control, Missing Authorization, Incorrect Authorization, Incorrect Permission Assignment for Critical Resource, Missing Authentication
ghsa_unreviewed·2024-06-27
CVE-2024-0949 [CRITICAL] CWE-1390 GHSA-vh95-79cj-7hvx: Improper Access Control, Missing Authorization, Incorrect Authorization, Incorrect Permission Assignment for Critical Resource, Missing Authentication
Improper Access Control, Missing Authorization, Incorrect Authorization, Incorrect Permission Assignment for Critical Resource, Missing Authentication, Weak Authentication, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Talya Informatics Elektraweb allows Exploiting Incorrectly Configured Access Control Security Levels, Manipulating Web Input to File System Calls, Embedding Scripts within Scripts, Malicious Logic Insertion, Modification of Windows Service Configuration, Malicious Root Certificate, Intent Spoof, WebView Exposure, Data Injected During Configuration, Incomplete Data Deletion in a Multi-Tenant Environment, Install New Service, Modify Existing Service, Install Rootkit, Replace File Extension Handlers, Replace Trusted Executable, Modify Shar
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-06-27