CRITICAL🇵🇱 Wersja polska

CVE-2024-0947

CVSS 9.8v3.1pub. 2024-06-27upd. 2026-06-03

Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Falsification through Manipulation, Accessing/Intercepting/Modifying HTTP Cookies, Manipulating Opaque Client-based Data Tokens. This issue affects Elektraweb: before v17.0.68.

🤖 AI Analysis
How it works

The Elektraweb application stores session data in cookies without proper verification of their integrity and authenticity. An attacker can modify cookie values or intercept and replace session tokens transmitted over HTTP. Since the application does not verify the validity of this data, manipulated cookies are accepted as valid, allowing the attacker to assume the identity of another user.

Impact

An attacker can forge or take over the session of any application user, gaining unauthorized access to their data and system functions. As a result, it is possible to violate the confidentiality, integrity, and availability of data processed by Elektraweb.

Mitigation & patch

Elektraweb should be updated to version v17.0.68 or newer. Detailed information is available in the manufacturer's references and in the USOM message under number TR-24-0808.

Who is affected

Talya Informatics Elektraweb in versions prior to v17.0.68

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References