Talya Informatics Elektraweb vulnerabilities
2 known vulnerabilities affecting talya_informatics/elektraweb.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2
Vulnerabilities
Page 1 of 1
CVE-2024-0949P2CRITICALCVSS 9.8fixed in v17.0.682024-06-27
CVE-2024-0949 [CRITICAL] CWE-306 CVE-2024-0949: Missing Authentication, Files or Directories Accessible to External Parties, Use of Hard-coded Crede
Missing Authentication, Files or Directories Accessible to External Parties, Use of Hard-coded Credentials vulnerability in Talya Informatics Elektraweb allows Authentication Bypass.
This issue affects Elektraweb: before v17.0.68.
nvd
CVE-2024-0947P3CRITICALCVSS 9.8fixed in v17.0.682024-06-27
CVE-2024-0947 [CRITICAL] CWE-565 CVE-2024-0947: Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Ele
Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Falsification through Manipulation, Accessing/Intercepting/Modifying HTTP Cookies, Manipulating Opaque Client-based Data Tokens.
This issue affects Elektraweb: before v17.0.68.
nvd