Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    14 vulnerabilities by HAVELSAN Inc.

    CVE-2026-13696 (GCVE-0-2026-13696)

    Vulnerability from nvd – Published: 2026-07-07 11:15 – Updated: 2026-07-07 13:23
    VLAI
    Title
    LDAP Injection in HAVELSAN's Liman MYS
    Summary
    Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in HAVELSAN Inc. Liman MYS allows LDAP Injection. This issue affects Liman MYS: before release.Master.1107.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-90 - Improper neutralization of special elements used in an LDAP query ('LDAP injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    HAVELSAN Inc. Liman MYS Affected: 0 , < release.master.1107 (custom)
    Create a notification for this product.
    Date Public
    2026-07-07 11:13
    Credits
    Enes Can ADIL
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-13696",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-07T13:23:27.581114Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-07T13:23:40.439Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Liman MYS",
              "vendor": "HAVELSAN Inc.",
              "versions": [
                {
                  "lessThan": "release.master.1107",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Enes Can ADIL"
            }
          ],
          "datePublic": "2026-07-07T11:13:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper neutralization of special elements used in an LDAP query (\u0027LDAP injection\u0027) vulnerability in HAVELSAN Inc. Liman MYS allows LDAP Injection.\u003cp\u003eThis issue affects Liman MYS: before release.Master.1107.\u003c/p\u003e"
                }
              ],
              "value": "Improper neutralization of special elements used in an LDAP query (\u0027LDAP injection\u0027) vulnerability in HAVELSAN Inc. Liman MYS allows LDAP Injection.\n\nThis issue affects Liman MYS: before release.Master.1107."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-136",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-136 LDAP Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-90",
                  "description": "CWE-90 Improper neutralization of special elements used in an LDAP query (\u0027LDAP injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T11:15:55.926Z",
            "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
            "shortName": "TR-CERT"
          },
          "references": [
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0504"
            }
          ],
          "source": {
            "advisory": "TR-26-0504",
            "defect": [
              "TR-26-0504"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "LDAP Injection in HAVELSAN\u0027s Liman MYS",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "assignerShortName": "TR-CERT",
        "cveId": "CVE-2026-13696",
        "datePublished": "2026-07-07T11:15:55.926Z",
        "dateReserved": "2026-06-29T11:13:06.325Z",
        "dateUpdated": "2026-07-07T13:23:40.439Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11348 (GCVE-0-2026-11348)

    Vulnerability from nvd – Published: 2026-07-07 11:11 – Updated: 2026-07-07 13:23
    VLAI
    Title
    Authentication Bypass in HAVELSAN's Open Source Project Liman MYS
    Summary
    Improper verification of cryptographic signature vulnerability in HAVELSAN Inc. Liman MYS allows Fake the Source of Data. This issue affects Liman MYS: before release.Master.1107.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Improper verification of cryptographic signature
    Assigner
    References
    Impacted products
    Vendor Product Version
    HAVELSAN Inc. Liman MYS Affected: 0 , < release.master.1107 (custom)
    Create a notification for this product.
    Date Public
    2026-07-07 11:05
    Credits
    Akıner KISA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11348",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-07T13:22:39.464228Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-07T13:23:08.844Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Liman MYS",
              "vendor": "HAVELSAN Inc.",
              "versions": [
                {
                  "lessThan": "release.master.1107",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Ak\u0131ner KISA"
            }
          ],
          "datePublic": "2026-07-07T11:05:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper verification of cryptographic signature vulnerability in HAVELSAN Inc. Liman MYS allows Fake the Source of Data.\u003cp\u003eThis issue affects Liman MYS: before release.Master.1107.\u003c/p\u003e"
                }
              ],
              "value": "Improper verification of cryptographic signature vulnerability in HAVELSAN Inc. Liman MYS allows Fake the Source of Data.\n\nThis issue affects Liman MYS: before release.Master.1107."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-194",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-194 Fake the Source of Data"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347 Improper verification of cryptographic signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T11:11:20.646Z",
            "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
            "shortName": "TR-CERT"
          },
          "references": [
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0504"
            }
          ],
          "source": {
            "advisory": "TR-26-0504",
            "defect": [
              "TR-26-0504"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Authentication Bypass in HAVELSAN\u0027s Open Source Project Liman MYS",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "assignerShortName": "TR-CERT",
        "cveId": "CVE-2026-11348",
        "datePublished": "2026-07-07T11:11:20.646Z",
        "dateReserved": "2026-06-05T09:05:34.611Z",
        "dateUpdated": "2026-07-07T13:23:08.844Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11340 (GCVE-0-2026-11340)

    Vulnerability from nvd – Published: 2026-07-07 11:01 – Updated: 2026-07-07 12:05
    VLAI
    Title
    Authorization Bypass in HAVELSAN's Open Source Project Liman MYS
    Summary
    Missing Authorization vulnerability in HAVELSAN Inc. Liman MYS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Liman MYS: before release.Master.1107.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    HAVELSAN Inc. Liman MYS Affected: 0 , < release.master.1107 (custom)
    Create a notification for this product.
    Date Public
    2026-07-07 10:49
    Credits
    Akıner KISA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11340",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-07T12:04:46.256043Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-07T12:05:14.017Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Liman MYS",
              "vendor": "HAVELSAN Inc.",
              "versions": [
                {
                  "lessThan": "release.master.1107",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Ak\u0131ner KISA"
            }
          ],
          "datePublic": "2026-07-07T10:49:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authorization vulnerability in HAVELSAN Inc. Liman MYS allows Accessing Functionality Not Properly Constrained by ACLs.\u003cp\u003eThis issue affects Liman MYS: before release.Master.1107.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authorization vulnerability in HAVELSAN Inc. Liman MYS allows Accessing Functionality Not Properly Constrained by ACLs.\n\nThis issue affects Liman MYS: before release.Master.1107."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T11:01:33.542Z",
            "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
            "shortName": "TR-CERT"
          },
          "references": [
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0504"
            }
          ],
          "source": {
            "advisory": "TR-26-0504",
            "defect": [
              "TR-26-0504"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Authorization Bypass in HAVELSAN\u0027s Open Source Project Liman MYS",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "assignerShortName": "TR-CERT",
        "cveId": "CVE-2026-11340",
        "datePublished": "2026-07-07T11:01:33.542Z",
        "dateReserved": "2026-06-05T08:19:03.687Z",
        "dateUpdated": "2026-07-07T12:05:14.017Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6209 (GCVE-0-2026-6209)

    Vulnerability from nvd – Published: 2026-06-05 14:08 – Updated: 2026-06-05 16:38
    VLAI

    This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

    Show details on NVD website

    {
      "containers": {
        "cna": {
          "providerMetadata": {
            "dateUpdated": "2026-06-05T16:38:21.452Z",
            "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
            "shortName": "TR-CERT"
          },
          "rejectedReasons": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
                }
              ],
              "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "assignerShortName": "TR-CERT",
        "cveId": "CVE-2026-6209",
        "datePublished": "2026-06-05T14:08:27.459Z",
        "dateRejected": "2026-06-05T16:38:21.452Z",
        "dateReserved": "2026-04-13T12:16:25.846Z",
        "dateUpdated": "2026-06-05T16:38:21.452Z",
        "state": "REJECTED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6208 (GCVE-0-2026-6208)

    Vulnerability from nvd – Published: 2026-06-05 14:02 – Updated: 2026-06-05 16:37
    VLAI

    This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

    Show details on NVD website

    {
      "containers": {
        "cna": {
          "providerMetadata": {
            "dateUpdated": "2026-06-05T16:37:58.069Z",
            "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
            "shortName": "TR-CERT"
          },
          "rejectedReasons": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
                }
              ],
              "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "assignerShortName": "TR-CERT",
        "cveId": "CVE-2026-6208",
        "datePublished": "2026-06-05T14:02:48.827Z",
        "dateRejected": "2026-06-05T16:37:58.069Z",
        "dateReserved": "2026-04-13T12:16:11.142Z",
        "dateUpdated": "2026-06-05T16:37:58.069Z",
        "state": "REJECTED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6207 (GCVE-0-2026-6207)

    Vulnerability from nvd – Published: 2026-06-05 13:49 – Updated: 2026-06-05 16:37
    VLAI

    This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

    Show details on NVD website

    {
      "containers": {
        "cna": {
          "providerMetadata": {
            "dateUpdated": "2026-06-05T16:37:34.476Z",
            "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
            "shortName": "TR-CERT"
          },
          "rejectedReasons": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
                }
              ],
              "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "assignerShortName": "TR-CERT",
        "cveId": "CVE-2026-6207",
        "datePublished": "2026-06-05T13:49:11.752Z",
        "dateRejected": "2026-06-05T16:37:34.476Z",
        "dateReserved": "2026-04-13T12:15:50.181Z",
        "dateUpdated": "2026-06-05T16:37:34.476Z",
        "state": "REJECTED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-3375 (GCVE-0-2024-3375)

    Vulnerability from nvd – Published: 2024-04-29 09:00 – Updated: 2026-06-03 14:11
    VLAI
    Title
    Broken Access Control in Havelsan's Dialogue
    Summary
    Incorrect Permission Assignment for Critical Resource vulnerability in Havelsan Inc. Dialogue allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Dialogue: from v1.83 before v1.83.1 or v1.84.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    References
    Impacted products
    Vendor Product Version
    Havelsan Inc. Dialogue Affected: v1.83 , < v1.83.1 or v1.84 (custom)
    Create a notification for this product.
    havelsan dialogue Affected: 1.83 , < 1.83.1 (custom)
        cpe:2.3:a:havelsan:dialogue:1.83:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Ahmet Serkan ARI
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:havelsan:dialogue:1.83:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "dialogue",
                "vendor": "havelsan",
                "versions": [
                  {
                    "lessThan": "1.83.1",
                    "status": "affected",
                    "version": "1.83",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3375",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-03T17:01:32.170683Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-03T20:58:57.582Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:12:06.468Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.usom.gov.tr/bildirim/tr-24-0363"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Dialogue",
              "vendor": "Havelsan Inc.",
              "versions": [
                {
                  "lessThan": "v1.83.1 or v1.84",
                  "status": "affected",
                  "version": "v1.83",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Ahmet Serkan ARI"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Incorrect Permission Assignment for Critical Resource vulnerability in Havelsan Inc. Dialogue allows Accessing Functionality Not Properly Constrained by ACLs.\u003cp\u003eThis issue affects Dialogue: from v1.83 before v1.83.1 or v1.84.\u003c/p\u003e"
                }
              ],
              "value": "Incorrect Permission Assignment for Critical Resource vulnerability in Havelsan Inc. Dialogue allows Accessing Functionality Not Properly Constrained by ACLs.\n\nThis issue affects Dialogue: from v1.83 before v1.83.1 or v1.84."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-03T14:11:04.010Z",
            "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
            "shortName": "TR-CERT"
          },
          "references": [
            {
              "tags": [
                "government-resource",
                "broken-link"
              ],
              "url": "https://www.usom.gov.tr/bildirim/tr-24-0363"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-0363"
            }
          ],
          "source": {
            "advisory": "TR-24-0363",
            "defect": [
              "TR-24-0363"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Broken Access Control  in Havelsan\u0027s Dialogue",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "assignerShortName": "TR-CERT",
        "cveId": "CVE-2024-3375",
        "datePublished": "2024-04-29T09:00:09.149Z",
        "dateReserved": "2024-04-05T13:11:35.426Z",
        "dateUpdated": "2026-06-03T14:11:04.010Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-13696 (GCVE-0-2026-13696)

    Vulnerability from cvelistv5 – Published: 2026-07-07 11:15 – Updated: 2026-07-07 13:23
    VLAI
    Title
    LDAP Injection in HAVELSAN's Liman MYS
    Summary
    Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in HAVELSAN Inc. Liman MYS allows LDAP Injection. This issue affects Liman MYS: before release.Master.1107.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-90 - Improper neutralization of special elements used in an LDAP query ('LDAP injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    HAVELSAN Inc. Liman MYS Affected: 0 , < release.master.1107 (custom)
    Create a notification for this product.
    Date Public
    2026-07-07 11:13
    Credits
    Enes Can ADIL
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-13696",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-07T13:23:27.581114Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-07T13:23:40.439Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Liman MYS",
              "vendor": "HAVELSAN Inc.",
              "versions": [
                {
                  "lessThan": "release.master.1107",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Enes Can ADIL"
            }
          ],
          "datePublic": "2026-07-07T11:13:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper neutralization of special elements used in an LDAP query (\u0027LDAP injection\u0027) vulnerability in HAVELSAN Inc. Liman MYS allows LDAP Injection.\u003cp\u003eThis issue affects Liman MYS: before release.Master.1107.\u003c/p\u003e"
                }
              ],
              "value": "Improper neutralization of special elements used in an LDAP query (\u0027LDAP injection\u0027) vulnerability in HAVELSAN Inc. Liman MYS allows LDAP Injection.\n\nThis issue affects Liman MYS: before release.Master.1107."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-136",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-136 LDAP Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-90",
                  "description": "CWE-90 Improper neutralization of special elements used in an LDAP query (\u0027LDAP injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T11:15:55.926Z",
            "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
            "shortName": "TR-CERT"
          },
          "references": [
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0504"
            }
          ],
          "source": {
            "advisory": "TR-26-0504",
            "defect": [
              "TR-26-0504"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "LDAP Injection in HAVELSAN\u0027s Liman MYS",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "assignerShortName": "TR-CERT",
        "cveId": "CVE-2026-13696",
        "datePublished": "2026-07-07T11:15:55.926Z",
        "dateReserved": "2026-06-29T11:13:06.325Z",
        "dateUpdated": "2026-07-07T13:23:40.439Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11348 (GCVE-0-2026-11348)

    Vulnerability from cvelistv5 – Published: 2026-07-07 11:11 – Updated: 2026-07-07 13:23
    VLAI
    Title
    Authentication Bypass in HAVELSAN's Open Source Project Liman MYS
    Summary
    Improper verification of cryptographic signature vulnerability in HAVELSAN Inc. Liman MYS allows Fake the Source of Data. This issue affects Liman MYS: before release.Master.1107.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Improper verification of cryptographic signature
    Assigner
    References
    Impacted products
    Vendor Product Version
    HAVELSAN Inc. Liman MYS Affected: 0 , < release.master.1107 (custom)
    Create a notification for this product.
    Date Public
    2026-07-07 11:05
    Credits
    Akıner KISA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11348",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-07T13:22:39.464228Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-07T13:23:08.844Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Liman MYS",
              "vendor": "HAVELSAN Inc.",
              "versions": [
                {
                  "lessThan": "release.master.1107",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Ak\u0131ner KISA"
            }
          ],
          "datePublic": "2026-07-07T11:05:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper verification of cryptographic signature vulnerability in HAVELSAN Inc. Liman MYS allows Fake the Source of Data.\u003cp\u003eThis issue affects Liman MYS: before release.Master.1107.\u003c/p\u003e"
                }
              ],
              "value": "Improper verification of cryptographic signature vulnerability in HAVELSAN Inc. Liman MYS allows Fake the Source of Data.\n\nThis issue affects Liman MYS: before release.Master.1107."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-194",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-194 Fake the Source of Data"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347 Improper verification of cryptographic signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T11:11:20.646Z",
            "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
            "shortName": "TR-CERT"
          },
          "references": [
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0504"
            }
          ],
          "source": {
            "advisory": "TR-26-0504",
            "defect": [
              "TR-26-0504"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Authentication Bypass in HAVELSAN\u0027s Open Source Project Liman MYS",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "assignerShortName": "TR-CERT",
        "cveId": "CVE-2026-11348",
        "datePublished": "2026-07-07T11:11:20.646Z",
        "dateReserved": "2026-06-05T09:05:34.611Z",
        "dateUpdated": "2026-07-07T13:23:08.844Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11340 (GCVE-0-2026-11340)

    Vulnerability from cvelistv5 – Published: 2026-07-07 11:01 – Updated: 2026-07-07 12:05
    VLAI
    Title
    Authorization Bypass in HAVELSAN's Open Source Project Liman MYS
    Summary
    Missing Authorization vulnerability in HAVELSAN Inc. Liman MYS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Liman MYS: before release.Master.1107.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    HAVELSAN Inc. Liman MYS Affected: 0 , < release.master.1107 (custom)
    Create a notification for this product.
    Date Public
    2026-07-07 10:49
    Credits
    Akıner KISA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11340",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-07T12:04:46.256043Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-07T12:05:14.017Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Liman MYS",
              "vendor": "HAVELSAN Inc.",
              "versions": [
                {
                  "lessThan": "release.master.1107",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Ak\u0131ner KISA"
            }
          ],
          "datePublic": "2026-07-07T10:49:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authorization vulnerability in HAVELSAN Inc. Liman MYS allows Accessing Functionality Not Properly Constrained by ACLs.\u003cp\u003eThis issue affects Liman MYS: before release.Master.1107.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authorization vulnerability in HAVELSAN Inc. Liman MYS allows Accessing Functionality Not Properly Constrained by ACLs.\n\nThis issue affects Liman MYS: before release.Master.1107."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T11:01:33.542Z",
            "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
            "shortName": "TR-CERT"
          },
          "references": [
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0504"
            }
          ],
          "source": {
            "advisory": "TR-26-0504",
            "defect": [
              "TR-26-0504"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Authorization Bypass in HAVELSAN\u0027s Open Source Project Liman MYS",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "assignerShortName": "TR-CERT",
        "cveId": "CVE-2026-11340",
        "datePublished": "2026-07-07T11:01:33.542Z",
        "dateReserved": "2026-06-05T08:19:03.687Z",
        "dateUpdated": "2026-07-07T12:05:14.017Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6209 (GCVE-0-2026-6209)

    Vulnerability from cvelistv5 – Published: 2026-06-05 14:08 – Updated: 2026-06-05 16:38
    VLAI

    This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

    Show details on NVD website

    {
      "containers": {
        "cna": {
          "providerMetadata": {
            "dateUpdated": "2026-06-05T16:38:21.452Z",
            "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
            "shortName": "TR-CERT"
          },
          "rejectedReasons": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
                }
              ],
              "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "assignerShortName": "TR-CERT",
        "cveId": "CVE-2026-6209",
        "datePublished": "2026-06-05T14:08:27.459Z",
        "dateRejected": "2026-06-05T16:38:21.452Z",
        "dateReserved": "2026-04-13T12:16:25.846Z",
        "dateUpdated": "2026-06-05T16:38:21.452Z",
        "state": "REJECTED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6208 (GCVE-0-2026-6208)

    Vulnerability from cvelistv5 – Published: 2026-06-05 14:02 – Updated: 2026-06-05 16:37
    VLAI

    This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

    Show details on NVD website

    {
      "containers": {
        "cna": {
          "providerMetadata": {
            "dateUpdated": "2026-06-05T16:37:58.069Z",
            "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
            "shortName": "TR-CERT"
          },
          "rejectedReasons": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
                }
              ],
              "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "assignerShortName": "TR-CERT",
        "cveId": "CVE-2026-6208",
        "datePublished": "2026-06-05T14:02:48.827Z",
        "dateRejected": "2026-06-05T16:37:58.069Z",
        "dateReserved": "2026-04-13T12:16:11.142Z",
        "dateUpdated": "2026-06-05T16:37:58.069Z",
        "state": "REJECTED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6207 (GCVE-0-2026-6207)

    Vulnerability from cvelistv5 – Published: 2026-06-05 13:49 – Updated: 2026-06-05 16:37
    VLAI

    This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

    Show details on NVD website

    {
      "containers": {
        "cna": {
          "providerMetadata": {
            "dateUpdated": "2026-06-05T16:37:34.476Z",
            "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
            "shortName": "TR-CERT"
          },
          "rejectedReasons": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
                }
              ],
              "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "assignerShortName": "TR-CERT",
        "cveId": "CVE-2026-6207",
        "datePublished": "2026-06-05T13:49:11.752Z",
        "dateRejected": "2026-06-05T16:37:34.476Z",
        "dateReserved": "2026-04-13T12:15:50.181Z",
        "dateUpdated": "2026-06-05T16:37:34.476Z",
        "state": "REJECTED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-3375 (GCVE-0-2024-3375)

    Vulnerability from cvelistv5 – Published: 2024-04-29 09:00 – Updated: 2026-06-03 14:11
    VLAI
    Title
    Broken Access Control in Havelsan's Dialogue
    Summary
    Incorrect Permission Assignment for Critical Resource vulnerability in Havelsan Inc. Dialogue allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Dialogue: from v1.83 before v1.83.1 or v1.84.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    References
    Impacted products
    Vendor Product Version
    Havelsan Inc. Dialogue Affected: v1.83 , < v1.83.1 or v1.84 (custom)
    Create a notification for this product.
    havelsan dialogue Affected: 1.83 , < 1.83.1 (custom)
        cpe:2.3:a:havelsan:dialogue:1.83:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Ahmet Serkan ARI
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:havelsan:dialogue:1.83:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "dialogue",
                "vendor": "havelsan",
                "versions": [
                  {
                    "lessThan": "1.83.1",
                    "status": "affected",
                    "version": "1.83",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3375",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-03T17:01:32.170683Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-03T20:58:57.582Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:12:06.468Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.usom.gov.tr/bildirim/tr-24-0363"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Dialogue",
              "vendor": "Havelsan Inc.",
              "versions": [
                {
                  "lessThan": "v1.83.1 or v1.84",
                  "status": "affected",
                  "version": "v1.83",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Ahmet Serkan ARI"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Incorrect Permission Assignment for Critical Resource vulnerability in Havelsan Inc. Dialogue allows Accessing Functionality Not Properly Constrained by ACLs.\u003cp\u003eThis issue affects Dialogue: from v1.83 before v1.83.1 or v1.84.\u003c/p\u003e"
                }
              ],
              "value": "Incorrect Permission Assignment for Critical Resource vulnerability in Havelsan Inc. Dialogue allows Accessing Functionality Not Properly Constrained by ACLs.\n\nThis issue affects Dialogue: from v1.83 before v1.83.1 or v1.84."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-03T14:11:04.010Z",
            "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
            "shortName": "TR-CERT"
          },
          "references": [
            {
              "tags": [
                "government-resource",
                "broken-link"
              ],
              "url": "https://www.usom.gov.tr/bildirim/tr-24-0363"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-0363"
            }
          ],
          "source": {
            "advisory": "TR-24-0363",
            "defect": [
              "TR-24-0363"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Broken Access Control  in Havelsan\u0027s Dialogue",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "assignerShortName": "TR-CERT",
        "cveId": "CVE-2024-3375",
        "datePublished": "2024-04-29T09:00:09.149Z",
        "dateReserved": "2024-04-05T13:11:35.426Z",
        "dateUpdated": "2026-06-03T14:11:04.010Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }