Gokhan Sahin

**Name of the Vulnerable Software and Affected Versions** Karmasis Informatics Infraskope SIEM+ (affected versions not specified) **Description** The issue allows an unauthenticated attacker to obtain critical information due to an unauthenticated access vulnerability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Karmasis Informatics Infraskope SIEM+ (affected versions not specified) **Description** The issue allows an unauthenticated attacker to damage the page where the agents are listed due to an unauthenticated access vulnerability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Karmasis Informatics Infraskope SIEM+ (affected versions not specified) **Description** The issue allows an unauthenticated attacker to modify logs due to an unauthenticated access vulnerability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Single Connect (affected versions not specified) **Description** The issue is related to the lack of an authorization check in the `log-monitor` module, allowing a remote attacker to access the logging interface and potentially obtain sensitive information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Single Connect (affected versions not specified) **Description** The issue arises from the lack of an authorization check in Single Connect when utilizing the `sc-assigned-credential-ui` module. This allows a remote attacker to potentially modify user permissions without authentication, including the possibility of deleting permissions from other users. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Single Connect (affected versions not specified) **Description** The issue arises from the lack of an authorization check in the sc-reports-ui module, allowing a remote attacker to access the device configuration page and export data to an external file. This could lead to the attacker obtaining sensitive information, including database credentials. Since the database operates with high privileges, the attacker might be able to execute commands using the obtained credentials. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Single Connect (affected versions not specified) **Description** The issue is related to the lack of an authorization check when using the `sc-diagnostic-ui` module. This could allow a remote attacker to access the device information page and potentially obtain sensitive information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.