Geographic Tracking System
Authorization bypass in HAVELSAN Geographic Tracking System versions prior to v0.0.2 allows remote unauthenticated attackers to access restricted functionality and sensitive geospatial tracking data due to missing ACL enforcement. The CVSS 9.1 (AV:N/AC:L/PR:N/UI:N) vector and CWE-284 classification indicate trivially exploitable broken access control affecting the confidentiality and integrity of tracked entities. No public exploit was identified at the time of analysis, and the issue is not listed in CISA KEV.
Authorization bypass in HAVELSAN Inc. Geographic Tracking System versions prior to v0.0.2 allows remote unauthenticated attackers to access or modify other users' data by manipulating user-controlled identifiers. The CVSS 9.1 score reflects high confidentiality and integrity impact achievable over the network without authentication, though no public exploit was identified at the time of analysis. The flaw was reported by TR-CERT (Turkey's national CERT), suggesting coordinated disclosure for a regionally deployed product.
Information disclosure in HAVELSAN Geographic Tracking System versions prior to v0.0.2 allows remote unauthenticated attackers to perform system footprinting by analyzing observable discrepancies in server responses. The CVSS 9.1 score reflects high confidentiality and integrity impact over the network with no authentication required, though no public exploit was identified at the time of analysis. The vulnerability was reported by Turkey's national CERT (TR-CERT), suggesting it primarily affects deployments within Turkey's defense and government sectors, where HAVELSAN products are commonly used.