CVE-2024-4259: CWE-862 Missing Authorization in SAMPAŞ Holding AKOS (AkosCepVatandasService)
Missing Authorization vulnerability in SAMPAŞ Holding AKOS (AkosCepVatandasService), SAMPAŞ Holding AKOS (TahsilatService) allows Collect Data as Provided by Users. This issue affects AKOS (AkosCepVatandasService): before V2.0; AKOS (TahsilatService): before V1.0.7.
AI Analysis
Technical Summary
CVE-2024-4259 describes a missing authorization vulnerability in SAMPAŞ Holding's AKOS platform, affecting AkosCepVatandasService versions before 2.0 and TahsilatService versions before 1.0.7. The vulnerability allows unauthorized data collection due to lack of proper access control (CWE-862). The CVSS 4.0 score of 6.9 reflects a medium severity with network attack vector, no privileges required, and no user interaction needed. The vulnerability impacts confidentiality and integrity with low scope and impact metrics. No official patch or vendor advisory is currently available, and no known exploitation has been reported.
Potential Impact
The vulnerability permits unauthorized users to collect data from the affected AKOS services, potentially exposing user-provided information. This could lead to partial confidentiality and integrity loss. However, the impact is limited by the medium severity score and the absence of known active exploitation. The lack of required privileges and user interaction increases the risk of remote exploitation.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict access to the affected services where possible and monitor for unusual data access patterns. Follow vendor updates closely for any forthcoming patches or official mitigation instructions.
CVE-2024-4259: CWE-862 Missing Authorization in SAMPAŞ Holding AKOS (AkosCepVatandasService)
Description
Missing Authorization vulnerability in SAMPAŞ Holding AKOS (AkosCepVatandasService), SAMPAŞ Holding AKOS (TahsilatService) allows Collect Data as Provided by Users. This issue affects AKOS (AkosCepVatandasService): before V2.0; AKOS (TahsilatService): before V1.0.7.
CVSS v4.0
Score 6.9medium
Affected software
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2024-4259 describes a missing authorization vulnerability in SAMPAŞ Holding's AKOS platform, affecting AkosCepVatandasService versions before 2.0 and TahsilatService versions before 1.0.7. The vulnerability allows unauthorized data collection due to lack of proper access control (CWE-862). The CVSS 4.0 score of 6.9 reflects a medium severity with network attack vector, no privileges required, and no user interaction needed. The vulnerability impacts confidentiality and integrity with low scope and impact metrics. No official patch or vendor advisory is currently available, and no known exploitation has been reported.
Potential Impact
The vulnerability permits unauthorized users to collect data from the affected AKOS services, potentially exposing user-provided information. This could lead to partial confidentiality and integrity loss. However, the impact is limited by the medium severity score and the absence of known active exploitation. The lack of required privileges and user interaction increases the risk of remote exploitation.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict access to the affected services where possible and monitor for unusual data access patterns. Follow vendor updates closely for any forthcoming patches or official mitigation instructions.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- TR-CERT
- Date Reserved
- 2024-04-26T14:40:25.762Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 68ee47d1509368ccaa6fd05e
Added to database: 10/14/2025, 12:53:37 UTC
Last enriched: 06/03/2026, 19:57:15 UTC
Last updated: 07/05/2026, 08:51:17 UTC
Views: 177
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.