Vulnerabilites related to Vegagrup Software - Vega Master
CVE-2024-12367 (GCVE-0-2024-12367)
Vulnerability from cvelistv5
Published
2025-09-16 07:46
Modified
2025-09-23 07:36
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
CWE
  • CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Summary
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vegagrup Software Vega Master allows Directory Indexing.This issue affects Vega Master: from v.1.12.35 through 20250916.  NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available.
References
https://www.usom.gov.tr/bildirim/tr-25-0249
Impacted products
Vendor Product Version
Vegagrup Software Vega Master Version: v.1.12.35   <
Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-12367",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-16T19:16:27.749820Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-16T19:16:35.651Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Vega Master",
          "vendor": "Vegagrup Software",
          "versions": [
            {
              "lessThanOrEqual": "20250916",
              "status": "affected",
              "version": "v.1.12.35",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Yunus \u00d6RNEK"
        }
      ],
      "datePublic": "2025-09-16T07:38:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vegagrup Software Vega Master allows Directory Indexing.\u003cp\u003eThis issue affects Vega Master: from v.1.12.35 through 20250916.\u0026nbsp;\n\nNOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available.\n\n\u003c/p\u003e"
            }
          ],
          "value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vegagrup Software Vega Master allows Directory Indexing.This issue affects Vega Master: from v.1.12.35 through 20250916.\u00a0\n\nNOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-127",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-127 Directory Indexing"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-497",
              "description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-23T07:36:49.773Z",
        "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "shortName": "TR-CERT"
      },
      "references": [
        {
          "url": "https://www.usom.gov.tr/bildirim/tr-25-0249"
        }
      ],
      "source": {
        "advisory": "TR-25-0249",
        "defect": [
          "TR-25-0249"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Information Disclosure in Vegagrup Software\u0027s Vega Master",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
    "assignerShortName": "TR-CERT",
    "cveId": "CVE-2024-12367",
    "datePublished": "2025-09-16T07:46:32.825Z",
    "dateReserved": "2024-12-09T14:23:49.275Z",
    "dateUpdated": "2025-09-23T07:36:49.773Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}