#VU93712 Improper access control in Travel APPS
Vulnerability identifier: #VU93712
Vulnerability risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-284
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Travel APPS
Other software /
Other software solutions
Vendor:
Description
The vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. An attacker with physical access can bypass implemented security restrictions and obtain sensitive information
Mitigation
Install updates from vendor's website.
Vulnerable software versions
External links
http://www.usom.gov.tr/bildirim/tr-24-0809
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
