ByteOS Network

Vulnerability Details :

CVE-2021-45478

Assigner Org ID-ca940d4e-fea4-4aa2-9a58-591a58b1ce21

Published At-02 Mar, 2023 | 08:26

Updated At-05 Mar, 2025 | 21:13

IDOR in Yordam Library Automation System

Improper Handling of Parameters vulnerability in Bordam Information Technologies Library Automation System allows Collect Data as Provided by Users.This issue affects Library Automation System: before 19.2.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:TR-CERT

Assigner Org ID:ca940d4e-fea4-4aa2-9a58-591a58b1ce21

Published At:02 Mar, 2023 | 08:26

Updated At:05 Mar, 2025 | 21:13

▼CVE Numbering Authority (CNA)

IDOR in Yordam Library Automation System

Affected Products

Vendor

Yordam Information Technologies

Product

Library Automation System

Default Status

unaffected

Versions

Affected

From 0 before 19.2 (custom)

Problem Types

Type	CWE ID	Description
CWE	CWE-233	CWE-233 Improper Handling of Parameters

Type: CWE

CWE ID: CWE-233

Description: CWE-233 Improper Handling of Parameters

Metrics

Version	Base score	Base severity	Vector
3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Impacts

CAPEC ID	Description
CAPEC-569	CAPEC-569 Collect Data as Provided by Users

CAPEC ID: CAPEC-569

Description: CAPEC-569 Collect Data as Provided by Users

Solutions

Update the software version to >=19.2

Credits

finder

Oguzhan KARA

References

Hyperlink	Resource
https://www.usom.gov.tr/bildirim/tr-23-0119	government-resource

Hyperlink: https://www.usom.gov.tr/bildirim/tr-23-0119

Resource:

government-resource

▼Authorized Data Publishers (ADP)

1. CVE Program Container

References

Hyperlink	Resource
https://www.usom.gov.tr/bildirim/tr-23-0119	government-resource x_transferred

Hyperlink: https://www.usom.gov.tr/bildirim/tr-23-0119

Resource:

government-resource

x_transferred

2. CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:iletisim@usom.gov.tr

Published At:02 Mar, 2023 | 09:15

Updated At:07 Nov, 2023 | 03:39

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Secondary	3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Type: Primary

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Type: Secondary

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CPE Matches

yordam>>library_automation_system>>Versions before 19.2(exclusive)

cpe:2.3:a:yordam:library_automation_system:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-Other	Primary	nvd@nist.gov
CWE-233	Secondary	iletisim@usom.gov.tr

CWE ID: NVD-CWE-Other

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-233

Type: Secondary

Source: iletisim@usom.gov.tr

References

Hyperlink	Source	Resource
https://www.usom.gov.tr/bildirim/tr-23-0119	iletisim@usom.gov.tr	Third Party Advisory

Hyperlink: https://www.usom.gov.tr/bildirim/tr-23-0119

Source: iletisim@usom.gov.tr

Resource:

Third Party Advisory

Similar CVEs

1Records found

CVE-2021-45477

Matching Score-10

Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)

View Details

Matching Score-10

Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)

CVSS Score-6.5||MEDIUM

EPSS-0.07% / 22.69%

7 Day CHG~0.00%

Published-02 Mar, 2023 | 08:24

Updated-05 Mar, 2025 | 21:14

IDOR in Yordam Library Automation System

Vendor-yordam Yordam Information Technologies

Product-library_automation_system Library Automation System

CWE ID-CWE-233

Improper Handling of Parameters

CVE-2021-45478

Credits

IDOR in Yordam Library Automation System

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs