Origin Validation Error vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Liderahenk: from 2.0.1 before 2.0.2.
The vulnerability classified as CWE-346 consists of the lack of proper verification of the source (origin) of requests incoming to the system. An attacker can send network requests that the system incorrectly recognizes as trusted, thereby bypassing defined access control lists (ACL). The attack vector is network-based, does not require authentication or user interaction, making the vulnerability trivial to exploit remotely.
An attacker can gain unauthorized access to system functions covered by ACL restrictions, which can lead to complete breach of confidentiality, integrity, and availability of resources managed by Liderahenk.
Liderahenk should be updated to version 2.0.2 or newer. Detailed information is available in the security bulletin at: https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0181
TUBITAK BILGEM Software Technologies Research Institute Liderahenk in versions from 2.0.1 to (excluding) 2.0.2.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H