Search

Find a vulnerability

Search criteria

    14 vulnerabilities found for soliclub by utarit

    CVE-2025-7358 (GCVE-0-2025-7358)

    Vulnerability from nvd – Published: 2025-12-18 14:47 – Updated: 2026-06-05 13:46
    VLAI
    Title
    Use of Hard-coded Credentials in Utarit Informatics' SoliClub
    Summary
    Use of Hard-coded Credentials vulnerability in Utarit Informatics Services Inc. SoliClub allows Authentication Abuse. This issue affects SoliClub: before 5.3.7.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    References
    Impacted products
    Vendor Product Version
    Utarit Informatics Services Inc. SoliClub Affected: 0 , < 5.3.7 (custom)
    Create a notification for this product.
    Date Public
    2025-12-18 14:45
    Credits
    Samet ALKIŞ
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-7358",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-18T15:25:32.648808Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-18T15:25:51.209Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SoliClub",
              "vendor": "Utarit Informatics Services Inc.",
              "versions": [
                {
                  "lessThan": "5.3.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Samet ALKI\u015e"
            }
          ],
          "datePublic": "2025-12-18T14:45:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Use of Hard-coded Credentials vulnerability in Utarit Informatics Services Inc. SoliClub allows Authentication Abuse.\u003cp\u003eThis issue affects SoliClub: before 5.3.7.\u003c/p\u003e"
                }
              ],
              "value": "Use of Hard-coded Credentials vulnerability in Utarit Informatics Services Inc. SoliClub allows Authentication Abuse.\n\nThis issue affects SoliClub: before 5.3.7."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-114",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-114 Authentication Abuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T13:46:29.671Z",
            "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
            "shortName": "TR-CERT"
          },
          "references": [
            {
              "tags": [
                "government-resource",
                "broken-link"
              ],
              "url": "https://www.usom.gov.tr/bildirim/tr-25-0466"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0466"
            }
          ],
          "source": {
            "advisory": "TR-25-0466",
            "defect": [
              "TR-25-0466"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Use of Hard-coded Credentials in Utarit Informatics\u0027 SoliClub",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "assignerShortName": "TR-CERT",
        "cveId": "CVE-2025-7358",
        "datePublished": "2025-12-18T14:47:50.294Z",
        "dateReserved": "2025-07-08T14:40:19.419Z",
        "dateUpdated": "2026-06-05T13:46:29.671Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-7047 (GCVE-0-2025-7047)

    Vulnerability from nvd – Published: 2025-12-18 14:43 – Updated: 2026-06-05 13:49
    VLAI
    Title
    Missing Authorization in Utarit Informatics' SoliClub
    Summary
    Missing Authorization vulnerability in Utarit Informatics Services Inc. SoliClub allows Privilege Abuse. This issue affects SoliClub: before 5.3.7.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Utarit Informatics Services Inc. SoliClub Affected: 0 , < 5.3.7 (custom)
    Create a notification for this product.
    Date Public
    2025-12-18 14:37
    Credits
    Samet ALKIŞ
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-7047",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-18T15:26:51.223704Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-18T15:27:16.457Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SoliClub",
              "vendor": "Utarit Informatics Services Inc.",
              "versions": [
                {
                  "lessThan": "5.3.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Samet ALKI\u015e"
            }
          ],
          "datePublic": "2025-12-18T14:37:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authorization vulnerability in Utarit Informatics Services Inc. SoliClub allows Privilege Abuse.\u003cp\u003eThis issue affects SoliClub: before 5.3.7.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authorization vulnerability in Utarit Informatics Services Inc. SoliClub allows Privilege Abuse.\n\nThis issue affects SoliClub: before 5.3.7."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-122",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-122 Privilege Abuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T13:49:37.992Z",
            "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
            "shortName": "TR-CERT"
          },
          "references": [
            {
              "tags": [
                "government-resource",
                "broken-link"
              ],
              "url": "https://www.usom.gov.tr/bildirim/tr-25-0466"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0466"
            }
          ],
          "source": {
            "advisory": "TR-25-0466",
            "defect": [
              "TR-25-0466"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Missing Authorization in Utarit Informatics\u0027 SoliClub",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "assignerShortName": "TR-CERT",
        "cveId": "CVE-2025-7047",
        "datePublished": "2025-12-18T14:43:44.182Z",
        "dateReserved": "2025-07-03T13:12:39.422Z",
        "dateUpdated": "2026-06-05T13:49:37.992Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-1031 (GCVE-0-2025-1031)

    Vulnerability from nvd – Published: 2025-12-18 14:27 – Updated: 2026-06-06 06:59
    VLAI
    Title
    IDOR in Utarit Informatics' SoliClub
    Summary
    Authorization Bypass Through User-Controlled Key vulnerability in Utarit Informatics Services Inc. SoliClub allows Functionality Misuse. This issue affects SoliClub: from 5.2.4 before 5.3.7.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    References
    Impacted products
    Vendor Product Version
    Utarit Informatics Services Inc. SoliClub Affected: 5.2.4 , < 5.3.7 (custom)
    Create a notification for this product.
    Date Public
    2025-12-18 14:24
    Credits
    Mustafa Anıl YILDIRIM
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-1031",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-18T15:30:54.531916Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-18T15:32:40.842Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SoliClub",
              "vendor": "Utarit Informatics Services Inc.",
              "versions": [
                {
                  "lessThan": "5.3.7",
                  "status": "affected",
                  "version": "5.2.4",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mustafa An\u0131l YILDIRIM"
            }
          ],
          "datePublic": "2025-12-18T14:24:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Authorization Bypass Through User-Controlled Key vulnerability in Utarit Informatics Services Inc. SoliClub allows Functionality Misuse.\u003cp\u003eThis issue affects SoliClub: from 5.2.4 before 5.3.7.\u003c/p\u003e"
                }
              ],
              "value": "Authorization Bypass Through User-Controlled Key vulnerability in Utarit Informatics Services Inc. SoliClub allows Functionality Misuse.\n\nThis issue affects SoliClub: from 5.2.4 before 5.3.7."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-212",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-212 Functionality Misuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-06T06:59:30.733Z",
            "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
            "shortName": "TR-CERT"
          },
          "references": [
            {
              "tags": [
                "government-resource",
                "broken-link"
              ],
              "url": "https://www.usom.gov.tr/bildirim/tr-25-0466"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0466"
            }
          ],
          "source": {
            "advisory": "TR-25-0466",
            "defect": [
              "TR-25-0466"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "IDOR in Utarit Informatics\u0027 SoliClub",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "assignerShortName": "TR-CERT",
        "cveId": "CVE-2025-1031",
        "datePublished": "2025-12-18T14:27:24.041Z",
        "dateReserved": "2025-02-04T14:41:56.782Z",
        "dateUpdated": "2026-06-06T06:59:30.733Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-1030 (GCVE-0-2025-1030)

    Vulnerability from nvd – Published: 2025-12-18 14:22 – Updated: 2026-06-06 07:00
    VLAI
    Title
    Sensitive Data Exposure in Utarit Informatics' SoliClub
    Summary
    Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Utarit Informatics Services Inc. SoliClub allows Query System for Information. This issue affects SoliClub: from 5.2.4 before 5.3.7.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor
    Assigner
    References
    Impacted products
    Vendor Product Version
    Utarit Informatics Services Inc. SoliClub Affected: 5.2.4 , < 5.3.7 (custom)
    Create a notification for this product.
    Date Public
    2025-12-18 14:18
    Credits
    Mustafa Anıl YILDIRIM
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-1030",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-18T15:30:57.091594Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-18T15:32:52.794Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SoliClub",
              "vendor": "Utarit Informatics Services Inc.",
              "versions": [
                {
                  "lessThan": "5.3.7",
                  "status": "affected",
                  "version": "5.2.4",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mustafa An\u0131l YILDIRIM"
            }
          ],
          "datePublic": "2025-12-18T14:18:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Utarit Informatics Services Inc. SoliClub allows Query System for Information.\u003cp\u003eThis issue affects SoliClub: from 5.2.4 before 5.3.7.\u003c/p\u003e"
                }
              ],
              "value": "Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Utarit Informatics Services Inc. SoliClub allows Query System for Information.\n\nThis issue affects SoliClub: from 5.2.4 before 5.3.7."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-54",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-54 Query System for Information"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-359",
                  "description": "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-06T07:00:43.527Z",
            "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
            "shortName": "TR-CERT"
          },
          "references": [
            {
              "tags": [
                "government-resource",
                "broken-link"
              ],
              "url": "https://www.usom.gov.tr/bildirim/tr-25-0466"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0466"
            }
          ],
          "source": {
            "advisory": "TR-25-0466",
            "defect": [
              "TR-25-0466"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Sensitive Data Exposure in Utarit Informatics\u0027 SoliClub",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "assignerShortName": "TR-CERT",
        "cveId": "CVE-2025-1030",
        "datePublished": "2025-12-18T14:22:54.530Z",
        "dateReserved": "2025-02-04T14:41:48.421Z",
        "dateUpdated": "2026-06-06T07:00:43.527Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-1029 (GCVE-0-2025-1029)

    Vulnerability from nvd – Published: 2025-12-18 14:16 – Updated: 2026-06-06 07:01
    VLAI
    Title
    Hardcoded Credentials in Utarit Informatics' SoliClub
    Summary
    Use of Hard-coded Credentials vulnerability in Utarit Information Services Inc. SoliClub allows Read Sensitive Constants Within an Executable. This issue affects SoliClub: from 5.2.4 before 5.3.7.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    References
    Impacted products
    Vendor Product Version
    Utarit Information Services Inc. SoliClub Affected: 5.2.4 , < 5.3.7 (custom)
    Create a notification for this product.
    Date Public
    2025-12-18 14:13
    Credits
    Mustafa Anıl YILDIRIM
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-1029",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-18T15:30:59.536160Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-18T15:33:10.709Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SoliClub",
              "vendor": "Utarit Information Services Inc.",
              "versions": [
                {
                  "lessThan": "5.3.7",
                  "status": "affected",
                  "version": "5.2.4",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mustafa An\u0131l YILDIRIM"
            }
          ],
          "datePublic": "2025-12-18T14:13:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Use of Hard-coded Credentials vulnerability in Utarit Information Services Inc. SoliClub allows Read Sensitive Constants Within an Executable.\u003cp\u003eThis issue affects SoliClub: from 5.2.4 before 5.3.7.\u003c/p\u003e"
                }
              ],
              "value": "Use of Hard-coded Credentials vulnerability in Utarit Information Services Inc. SoliClub allows Read Sensitive Constants Within an Executable.\n\nThis issue affects SoliClub: from 5.2.4 before 5.3.7."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-191",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-191 Read Sensitive Constants Within an Executable"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-06T07:01:47.390Z",
            "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
            "shortName": "TR-CERT"
          },
          "references": [
            {
              "tags": [
                "government-resource",
                "broken-link"
              ],
              "url": "https://www.usom.gov.tr/bildirim/tr-25-0466"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0466"
            }
          ],
          "source": {
            "advisory": "TR-25-0466",
            "defect": [
              "TR-25-0466"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Hardcoded Credentials in Utarit Informatics\u0027 SoliClub",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "assignerShortName": "TR-CERT",
        "cveId": "CVE-2025-1029",
        "datePublished": "2025-12-18T14:16:22.136Z",
        "dateReserved": "2025-02-04T14:41:36.218Z",
        "dateUpdated": "2026-06-06T07:01:47.390Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-3306 (GCVE-0-2024-3306)

    Vulnerability from nvd – Published: 2024-09-12 13:06 – Updated: 2026-06-03 14:14
    VLAI
    Title
    IDOR in Utarit Information's SoliClub
    Summary
    Authorization Bypass Through User-Controlled Key vulnerability in Utarit Information SoliClub allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    References
    Impacted products
    Vendor Product Version
    Utarit Information SoliClub Affected: 0 , < 4.4.0 (custom)
    Affected: 0 , < 5.2.1 (custom)
    Create a notification for this product.
    utarit soliclub Affected: 0 , < 4.4.0 (custom)
    Affected: 0 , < 5.2.1 (custom)
        cpe:2.3:a:utarit:soliclub:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Mustafa Anıl YILDIRIM
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:utarit:soliclub:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "soliclub",
                "vendor": "utarit",
                "versions": [
                  {
                    "lessThan": "4.4.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "5.2.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3306",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-12T19:09:09.452416Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-12T19:10:03.125Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SoliClub",
              "vendor": "Utarit Information",
              "versions": [
                {
                  "lessThan": "4.4.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.2.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mustafa An\u0131l YILDIRIM"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Authorization Bypass Through User-Controlled Key vulnerability in Utarit Information SoliClub allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android.\u003c/p\u003e"
                }
              ],
              "value": "Authorization Bypass Through User-Controlled Key vulnerability in Utarit Information SoliClub allows Exploiting Incorrectly Configured Access Control Security Levels.\n\nThis issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-180",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-03T14:14:38.955Z",
            "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
            "shortName": "TR-CERT"
          },
          "references": [
            {
              "tags": [
                "government-resource",
                "broken-link"
              ],
              "url": "https://www.usom.gov.tr/bildirim/tr-24-1457"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-1457"
            }
          ],
          "source": {
            "advisory": "TR-24-1457",
            "defect": [
              "TR-24-1457"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "IDOR in Utarit Information\u0027s SoliClub",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "assignerShortName": "TR-CERT",
        "cveId": "CVE-2024-3306",
        "datePublished": "2024-09-12T13:06:12.188Z",
        "dateReserved": "2024-04-04T12:00:34.676Z",
        "dateUpdated": "2026-06-03T14:14:38.955Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-3305 (GCVE-0-2024-3305)

    Vulnerability from nvd – Published: 2024-09-12 13:03 – Updated: 2026-06-03 14:15
    VLAI
    Title
    IDOR in Utarit Information's SoliClub
    Summary
    Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in Utarit Information SoliClub allows Retrieve Embedded Sensitive Data. This issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    • CWE-862 - Missing Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    Utarit Information SoliClub Affected: 0 , < 4.4.0 (custom)
    Affected: 0 , < 5.2.1 (custom)
    Create a notification for this product.
    utarit soliclub Affected: 0 , < 4.4.0 (custom)
    Affected: 0 , < 5.2.1 (custom)
        cpe:2.3:a:utarit:soliclub:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Mustafa Anıl YILDIRIM
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:utarit:soliclub:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "soliclub",
                "vendor": "utarit",
                "versions": [
                  {
                    "lessThan": "4.4.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "5.2.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3305",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-12T18:45:06.544243Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-12T18:48:41.376Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SoliClub",
              "vendor": "Utarit Information",
              "versions": [
                {
                  "lessThan": "4.4.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.2.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mustafa An\u0131l YILDIRIM"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in Utarit Information SoliClub allows Retrieve Embedded Sensitive Data.\u003cp\u003e\nThis issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android.\n\n\u003c/p\u003e"
                }
              ],
              "value": "Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in Utarit Information SoliClub allows Retrieve Embedded Sensitive Data.\n\n\nThis issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-37",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-37 Retrieve Embedded Sensitive Data"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-03T14:15:45.924Z",
            "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
            "shortName": "TR-CERT"
          },
          "references": [
            {
              "tags": [
                "government-resource",
                "broken-link"
              ],
              "url": "https://www.usom.gov.tr/bildirim/tr-24-1457"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-1457"
            }
          ],
          "source": {
            "advisory": "TR-24-1457",
            "defect": [
              "TR-24-1457"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "IDOR in Utarit Information\u0027s SoliClub",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "assignerShortName": "TR-CERT",
        "cveId": "CVE-2024-3305",
        "datePublished": "2024-09-12T13:03:13.863Z",
        "dateReserved": "2024-04-04T11:53:42.686Z",
        "dateUpdated": "2026-06-03T14:15:45.924Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-7358 (GCVE-0-2025-7358)

    Vulnerability from cvelistv5 – Published: 2025-12-18 14:47 – Updated: 2026-06-05 13:46
    VLAI
    Title
    Use of Hard-coded Credentials in Utarit Informatics' SoliClub
    Summary
    Use of Hard-coded Credentials vulnerability in Utarit Informatics Services Inc. SoliClub allows Authentication Abuse. This issue affects SoliClub: before 5.3.7.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    References
    Impacted products
    Vendor Product Version
    Utarit Informatics Services Inc. SoliClub Affected: 0 , < 5.3.7 (custom)
    Create a notification for this product.
    Date Public
    2025-12-18 14:45
    Credits
    Samet ALKIŞ
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-7358",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-18T15:25:32.648808Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-18T15:25:51.209Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SoliClub",
              "vendor": "Utarit Informatics Services Inc.",
              "versions": [
                {
                  "lessThan": "5.3.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Samet ALKI\u015e"
            }
          ],
          "datePublic": "2025-12-18T14:45:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Use of Hard-coded Credentials vulnerability in Utarit Informatics Services Inc. SoliClub allows Authentication Abuse.\u003cp\u003eThis issue affects SoliClub: before 5.3.7.\u003c/p\u003e"
                }
              ],
              "value": "Use of Hard-coded Credentials vulnerability in Utarit Informatics Services Inc. SoliClub allows Authentication Abuse.\n\nThis issue affects SoliClub: before 5.3.7."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-114",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-114 Authentication Abuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T13:46:29.671Z",
            "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
            "shortName": "TR-CERT"
          },
          "references": [
            {
              "tags": [
                "government-resource",
                "broken-link"
              ],
              "url": "https://www.usom.gov.tr/bildirim/tr-25-0466"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0466"
            }
          ],
          "source": {
            "advisory": "TR-25-0466",
            "defect": [
              "TR-25-0466"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Use of Hard-coded Credentials in Utarit Informatics\u0027 SoliClub",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "assignerShortName": "TR-CERT",
        "cveId": "CVE-2025-7358",
        "datePublished": "2025-12-18T14:47:50.294Z",
        "dateReserved": "2025-07-08T14:40:19.419Z",
        "dateUpdated": "2026-06-05T13:46:29.671Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-7047 (GCVE-0-2025-7047)

    Vulnerability from cvelistv5 – Published: 2025-12-18 14:43 – Updated: 2026-06-05 13:49
    VLAI
    Title
    Missing Authorization in Utarit Informatics' SoliClub
    Summary
    Missing Authorization vulnerability in Utarit Informatics Services Inc. SoliClub allows Privilege Abuse. This issue affects SoliClub: before 5.3.7.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Utarit Informatics Services Inc. SoliClub Affected: 0 , < 5.3.7 (custom)
    Create a notification for this product.
    Date Public
    2025-12-18 14:37
    Credits
    Samet ALKIŞ
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-7047",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-18T15:26:51.223704Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-18T15:27:16.457Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SoliClub",
              "vendor": "Utarit Informatics Services Inc.",
              "versions": [
                {
                  "lessThan": "5.3.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Samet ALKI\u015e"
            }
          ],
          "datePublic": "2025-12-18T14:37:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authorization vulnerability in Utarit Informatics Services Inc. SoliClub allows Privilege Abuse.\u003cp\u003eThis issue affects SoliClub: before 5.3.7.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authorization vulnerability in Utarit Informatics Services Inc. SoliClub allows Privilege Abuse.\n\nThis issue affects SoliClub: before 5.3.7."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-122",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-122 Privilege Abuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T13:49:37.992Z",
            "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
            "shortName": "TR-CERT"
          },
          "references": [
            {
              "tags": [
                "government-resource",
                "broken-link"
              ],
              "url": "https://www.usom.gov.tr/bildirim/tr-25-0466"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0466"
            }
          ],
          "source": {
            "advisory": "TR-25-0466",
            "defect": [
              "TR-25-0466"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Missing Authorization in Utarit Informatics\u0027 SoliClub",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "assignerShortName": "TR-CERT",
        "cveId": "CVE-2025-7047",
        "datePublished": "2025-12-18T14:43:44.182Z",
        "dateReserved": "2025-07-03T13:12:39.422Z",
        "dateUpdated": "2026-06-05T13:49:37.992Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-1031 (GCVE-0-2025-1031)

    Vulnerability from cvelistv5 – Published: 2025-12-18 14:27 – Updated: 2026-06-06 06:59
    VLAI
    Title
    IDOR in Utarit Informatics' SoliClub
    Summary
    Authorization Bypass Through User-Controlled Key vulnerability in Utarit Informatics Services Inc. SoliClub allows Functionality Misuse. This issue affects SoliClub: from 5.2.4 before 5.3.7.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    References
    Impacted products
    Vendor Product Version
    Utarit Informatics Services Inc. SoliClub Affected: 5.2.4 , < 5.3.7 (custom)
    Create a notification for this product.
    Date Public
    2025-12-18 14:24
    Credits
    Mustafa Anıl YILDIRIM
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-1031",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-18T15:30:54.531916Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-18T15:32:40.842Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SoliClub",
              "vendor": "Utarit Informatics Services Inc.",
              "versions": [
                {
                  "lessThan": "5.3.7",
                  "status": "affected",
                  "version": "5.2.4",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mustafa An\u0131l YILDIRIM"
            }
          ],
          "datePublic": "2025-12-18T14:24:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Authorization Bypass Through User-Controlled Key vulnerability in Utarit Informatics Services Inc. SoliClub allows Functionality Misuse.\u003cp\u003eThis issue affects SoliClub: from 5.2.4 before 5.3.7.\u003c/p\u003e"
                }
              ],
              "value": "Authorization Bypass Through User-Controlled Key vulnerability in Utarit Informatics Services Inc. SoliClub allows Functionality Misuse.\n\nThis issue affects SoliClub: from 5.2.4 before 5.3.7."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-212",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-212 Functionality Misuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-06T06:59:30.733Z",
            "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
            "shortName": "TR-CERT"
          },
          "references": [
            {
              "tags": [
                "government-resource",
                "broken-link"
              ],
              "url": "https://www.usom.gov.tr/bildirim/tr-25-0466"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0466"
            }
          ],
          "source": {
            "advisory": "TR-25-0466",
            "defect": [
              "TR-25-0466"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "IDOR in Utarit Informatics\u0027 SoliClub",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "assignerShortName": "TR-CERT",
        "cveId": "CVE-2025-1031",
        "datePublished": "2025-12-18T14:27:24.041Z",
        "dateReserved": "2025-02-04T14:41:56.782Z",
        "dateUpdated": "2026-06-06T06:59:30.733Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-1030 (GCVE-0-2025-1030)

    Vulnerability from cvelistv5 – Published: 2025-12-18 14:22 – Updated: 2026-06-06 07:00
    VLAI
    Title
    Sensitive Data Exposure in Utarit Informatics' SoliClub
    Summary
    Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Utarit Informatics Services Inc. SoliClub allows Query System for Information. This issue affects SoliClub: from 5.2.4 before 5.3.7.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor
    Assigner
    References
    Impacted products
    Vendor Product Version
    Utarit Informatics Services Inc. SoliClub Affected: 5.2.4 , < 5.3.7 (custom)
    Create a notification for this product.
    Date Public
    2025-12-18 14:18
    Credits
    Mustafa Anıl YILDIRIM
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-1030",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-18T15:30:57.091594Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-18T15:32:52.794Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SoliClub",
              "vendor": "Utarit Informatics Services Inc.",
              "versions": [
                {
                  "lessThan": "5.3.7",
                  "status": "affected",
                  "version": "5.2.4",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mustafa An\u0131l YILDIRIM"
            }
          ],
          "datePublic": "2025-12-18T14:18:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Utarit Informatics Services Inc. SoliClub allows Query System for Information.\u003cp\u003eThis issue affects SoliClub: from 5.2.4 before 5.3.7.\u003c/p\u003e"
                }
              ],
              "value": "Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Utarit Informatics Services Inc. SoliClub allows Query System for Information.\n\nThis issue affects SoliClub: from 5.2.4 before 5.3.7."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-54",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-54 Query System for Information"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-359",
                  "description": "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-06T07:00:43.527Z",
            "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
            "shortName": "TR-CERT"
          },
          "references": [
            {
              "tags": [
                "government-resource",
                "broken-link"
              ],
              "url": "https://www.usom.gov.tr/bildirim/tr-25-0466"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0466"
            }
          ],
          "source": {
            "advisory": "TR-25-0466",
            "defect": [
              "TR-25-0466"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Sensitive Data Exposure in Utarit Informatics\u0027 SoliClub",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "assignerShortName": "TR-CERT",
        "cveId": "CVE-2025-1030",
        "datePublished": "2025-12-18T14:22:54.530Z",
        "dateReserved": "2025-02-04T14:41:48.421Z",
        "dateUpdated": "2026-06-06T07:00:43.527Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-1029 (GCVE-0-2025-1029)

    Vulnerability from cvelistv5 – Published: 2025-12-18 14:16 – Updated: 2026-06-06 07:01
    VLAI
    Title
    Hardcoded Credentials in Utarit Informatics' SoliClub
    Summary
    Use of Hard-coded Credentials vulnerability in Utarit Information Services Inc. SoliClub allows Read Sensitive Constants Within an Executable. This issue affects SoliClub: from 5.2.4 before 5.3.7.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    References
    Impacted products
    Vendor Product Version
    Utarit Information Services Inc. SoliClub Affected: 5.2.4 , < 5.3.7 (custom)
    Create a notification for this product.
    Date Public
    2025-12-18 14:13
    Credits
    Mustafa Anıl YILDIRIM
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-1029",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-18T15:30:59.536160Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-18T15:33:10.709Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SoliClub",
              "vendor": "Utarit Information Services Inc.",
              "versions": [
                {
                  "lessThan": "5.3.7",
                  "status": "affected",
                  "version": "5.2.4",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mustafa An\u0131l YILDIRIM"
            }
          ],
          "datePublic": "2025-12-18T14:13:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Use of Hard-coded Credentials vulnerability in Utarit Information Services Inc. SoliClub allows Read Sensitive Constants Within an Executable.\u003cp\u003eThis issue affects SoliClub: from 5.2.4 before 5.3.7.\u003c/p\u003e"
                }
              ],
              "value": "Use of Hard-coded Credentials vulnerability in Utarit Information Services Inc. SoliClub allows Read Sensitive Constants Within an Executable.\n\nThis issue affects SoliClub: from 5.2.4 before 5.3.7."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-191",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-191 Read Sensitive Constants Within an Executable"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-06T07:01:47.390Z",
            "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
            "shortName": "TR-CERT"
          },
          "references": [
            {
              "tags": [
                "government-resource",
                "broken-link"
              ],
              "url": "https://www.usom.gov.tr/bildirim/tr-25-0466"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0466"
            }
          ],
          "source": {
            "advisory": "TR-25-0466",
            "defect": [
              "TR-25-0466"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Hardcoded Credentials in Utarit Informatics\u0027 SoliClub",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "assignerShortName": "TR-CERT",
        "cveId": "CVE-2025-1029",
        "datePublished": "2025-12-18T14:16:22.136Z",
        "dateReserved": "2025-02-04T14:41:36.218Z",
        "dateUpdated": "2026-06-06T07:01:47.390Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-3306 (GCVE-0-2024-3306)

    Vulnerability from cvelistv5 – Published: 2024-09-12 13:06 – Updated: 2026-06-03 14:14
    VLAI
    Title
    IDOR in Utarit Information's SoliClub
    Summary
    Authorization Bypass Through User-Controlled Key vulnerability in Utarit Information SoliClub allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    References
    Impacted products
    Vendor Product Version
    Utarit Information SoliClub Affected: 0 , < 4.4.0 (custom)
    Affected: 0 , < 5.2.1 (custom)
    Create a notification for this product.
    utarit soliclub Affected: 0 , < 4.4.0 (custom)
    Affected: 0 , < 5.2.1 (custom)
        cpe:2.3:a:utarit:soliclub:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Mustafa Anıl YILDIRIM
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:utarit:soliclub:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "soliclub",
                "vendor": "utarit",
                "versions": [
                  {
                    "lessThan": "4.4.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "5.2.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3306",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-12T19:09:09.452416Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-12T19:10:03.125Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SoliClub",
              "vendor": "Utarit Information",
              "versions": [
                {
                  "lessThan": "4.4.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.2.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mustafa An\u0131l YILDIRIM"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Authorization Bypass Through User-Controlled Key vulnerability in Utarit Information SoliClub allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android.\u003c/p\u003e"
                }
              ],
              "value": "Authorization Bypass Through User-Controlled Key vulnerability in Utarit Information SoliClub allows Exploiting Incorrectly Configured Access Control Security Levels.\n\nThis issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-180",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-03T14:14:38.955Z",
            "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
            "shortName": "TR-CERT"
          },
          "references": [
            {
              "tags": [
                "government-resource",
                "broken-link"
              ],
              "url": "https://www.usom.gov.tr/bildirim/tr-24-1457"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-1457"
            }
          ],
          "source": {
            "advisory": "TR-24-1457",
            "defect": [
              "TR-24-1457"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "IDOR in Utarit Information\u0027s SoliClub",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "assignerShortName": "TR-CERT",
        "cveId": "CVE-2024-3306",
        "datePublished": "2024-09-12T13:06:12.188Z",
        "dateReserved": "2024-04-04T12:00:34.676Z",
        "dateUpdated": "2026-06-03T14:14:38.955Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-3305 (GCVE-0-2024-3305)

    Vulnerability from cvelistv5 – Published: 2024-09-12 13:03 – Updated: 2026-06-03 14:15
    VLAI
    Title
    IDOR in Utarit Information's SoliClub
    Summary
    Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in Utarit Information SoliClub allows Retrieve Embedded Sensitive Data. This issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    • CWE-862 - Missing Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    Utarit Information SoliClub Affected: 0 , < 4.4.0 (custom)
    Affected: 0 , < 5.2.1 (custom)
    Create a notification for this product.
    utarit soliclub Affected: 0 , < 4.4.0 (custom)
    Affected: 0 , < 5.2.1 (custom)
        cpe:2.3:a:utarit:soliclub:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Mustafa Anıl YILDIRIM
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:utarit:soliclub:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "soliclub",
                "vendor": "utarit",
                "versions": [
                  {
                    "lessThan": "4.4.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "5.2.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3305",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-12T18:45:06.544243Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-12T18:48:41.376Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SoliClub",
              "vendor": "Utarit Information",
              "versions": [
                {
                  "lessThan": "4.4.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.2.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mustafa An\u0131l YILDIRIM"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in Utarit Information SoliClub allows Retrieve Embedded Sensitive Data.\u003cp\u003e\nThis issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android.\n\n\u003c/p\u003e"
                }
              ],
              "value": "Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in Utarit Information SoliClub allows Retrieve Embedded Sensitive Data.\n\n\nThis issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-37",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-37 Retrieve Embedded Sensitive Data"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-03T14:15:45.924Z",
            "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
            "shortName": "TR-CERT"
          },
          "references": [
            {
              "tags": [
                "government-resource",
                "broken-link"
              ],
              "url": "https://www.usom.gov.tr/bildirim/tr-24-1457"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-1457"
            }
          ],
          "source": {
            "advisory": "TR-24-1457",
            "defect": [
              "TR-24-1457"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "IDOR in Utarit Information\u0027s SoliClub",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "assignerShortName": "TR-CERT",
        "cveId": "CVE-2024-3305",
        "datePublished": "2024-09-12T13:03:13.863Z",
        "dateReserved": "2024-04-04T11:53:42.686Z",
        "dateUpdated": "2026-06-03T14:15:45.924Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }