{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58919?format=json","vulnerability_id":"VCID-uerg-ydz5-nkec","summary":"Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Falsification through Manipulation, Accessing/Intercepting/Modifying HTTP Cookies, Manipulating Opaque Client-based Data Tokens.\n\nThis issue affects Elektraweb: before v17.0.68.","aliases":[{"alias":"CVE-2024-0947"}],"fixed_packages":[],"affected_packages":[],"references":[{"reference_url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-0808","reference_id":"tr-24-0808","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-06-27T13:41:43Z/"}],"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-0808"},{"reference_url":"https://www.usom.gov.tr/bildirim/tr-24-0808","reference_id":"tr-24-0808","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-06-27T13:41:43Z/"}],"url":"https://www.usom.gov.tr/bildirim/tr-24-0808"}],"weaknesses":[{"cwe_id":565,"name":"Reliance on Cookies without Validation and Integrity Checking","description":"The product relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user."}],"exploits":[],"severity_range_score":"9.8 - 9.8","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uerg-ydz5-nkec"}