Access Control Flaw in Havelsan Dialogue Software
CVE-2024-3375

9.4 CRITICAL

Key Information:

Status
Vendor
CVE Published: 29 April 2024

What is CVE-2024-3375?

A vulnerability has been identified in Havelsan Inc.'s Dialogue software that stems from improper permission assignments for a critical resource. This flaw allows unauthorized users to access functionalities that should be restricted based on Access Control Lists (ACLs). The affected versions are Dialogue v1.83 prior to v1.83.1 and v1.84. Organizations using vulnerable versions are encouraged to update their software promptly to mitigate the risks associated with this access control issue.

Affected Version(s)

Dialogue v1.83

CVSS V3.1

Score: 9.4
Severity: CRITICAL
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

Credit

Ahmet Serkan ARI