CVE-2025-2311
9
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
Incorrect Use of Privileged APIs, Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in Sechard Information Technologies SecHard allows Authentication Bypass, Interface Manipulation, Authentication Abuse, Harvesting Information via API Event Monitoring.
This issue affects SecHard: before 3.3.0.20220411.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Sechard Information Technologies | SecHard | 0 < 3.3.0.20220411 | affected |
Weaknesses
- CWE-648: CWE-648 Incorrect Use of Privileged APIs
- CWE-319: CWE-319 Cleartext Transmission of Sensitive Information
- CWE-522: CWE-522 Insufficiently Protected Credentials
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://www.usom.gov.tr/bildirim/tr-25-0074
- https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0074
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.