Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for DIGIKENT by Vadi Corporate Information Systems Ltd. Co.

    CVE-2025-9986 (GCVE-0-2025-9986)

    Vulnerability from nvd – Published: 2026-02-11 08:34 – Updated: 2026-06-05 11:00
    VLAI
    Title
    Improper Access Control in Vadi Corporate Information System's DIGIKENT
    Summary
    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vadi Corporate Information Systems Ltd. Co. DIGIKENT allows Excavation. This issue affects DIGIKENT: through 13092025.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
    Assigner
    References
    Impacted products
    Date Public
    2026-02-11 08:27
    Credits
    Ferhat UÇAR
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9986",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-11T15:20:43.320650Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-11T15:21:02.220Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DIGIKENT",
              "vendor": "Vadi Corporate Information Systems Ltd. Co.",
              "versions": [
                {
                  "lessThanOrEqual": "13092025",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Ferhat U\u00c7AR"
            }
          ],
          "datePublic": "2026-02-11T08:27:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vadi Corporate Information Systems Ltd. Co. DIGIKENT allows Excavation.\u003cp\u003eThis issue affects DIGIKENT: through 13092025.\u003c/p\u003e"
                }
              ],
              "value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vadi Corporate Information Systems Ltd. Co. DIGIKENT allows Excavation.\n\nThis issue affects DIGIKENT: through 13092025."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-116",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-116 Excavation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-497",
                  "description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T11:00:55.226Z",
            "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
            "shortName": "TR-CERT"
          },
          "references": [
            {
              "tags": [
                "government-resource",
                "broken-link"
              ],
              "url": "https://www.usom.gov.tr/bildirim/tr-26-0056"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0056"
            }
          ],
          "source": {
            "advisory": "TR-26-0056",
            "defect": [
              "TR-26-0056"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Improper Access Control in Vadi Corporate Information System\u0027s DIGIKENT",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "assignerShortName": "TR-CERT",
        "cveId": "CVE-2025-9986",
        "datePublished": "2026-02-11T08:34:13.377Z",
        "dateReserved": "2025-09-04T13:43:47.685Z",
        "dateUpdated": "2026-06-05T11:00:55.226Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-9986 (GCVE-0-2025-9986)

    Vulnerability from cvelistv5 – Published: 2026-02-11 08:34 – Updated: 2026-06-05 11:00
    VLAI
    Title
    Improper Access Control in Vadi Corporate Information System's DIGIKENT
    Summary
    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vadi Corporate Information Systems Ltd. Co. DIGIKENT allows Excavation. This issue affects DIGIKENT: through 13092025.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
    Assigner
    References
    Impacted products
    Date Public
    2026-02-11 08:27
    Credits
    Ferhat UÇAR
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9986",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-11T15:20:43.320650Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-11T15:21:02.220Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DIGIKENT",
              "vendor": "Vadi Corporate Information Systems Ltd. Co.",
              "versions": [
                {
                  "lessThanOrEqual": "13092025",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Ferhat U\u00c7AR"
            }
          ],
          "datePublic": "2026-02-11T08:27:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vadi Corporate Information Systems Ltd. Co. DIGIKENT allows Excavation.\u003cp\u003eThis issue affects DIGIKENT: through 13092025.\u003c/p\u003e"
                }
              ],
              "value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vadi Corporate Information Systems Ltd. Co. DIGIKENT allows Excavation.\n\nThis issue affects DIGIKENT: through 13092025."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-116",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-116 Excavation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-497",
                  "description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T11:00:55.226Z",
            "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
            "shortName": "TR-CERT"
          },
          "references": [
            {
              "tags": [
                "government-resource",
                "broken-link"
              ],
              "url": "https://www.usom.gov.tr/bildirim/tr-26-0056"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0056"
            }
          ],
          "source": {
            "advisory": "TR-26-0056",
            "defect": [
              "TR-26-0056"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Improper Access Control in Vadi Corporate Information System\u0027s DIGIKENT",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "assignerShortName": "TR-CERT",
        "cveId": "CVE-2025-9986",
        "datePublished": "2026-02-11T08:34:13.377Z",
        "dateReserved": "2025-09-04T13:43:47.685Z",
        "dateUpdated": "2026-06-05T11:00:55.226Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }