CVE-2024-3305

7.5 HIGH

📋 TL;DR

This vulnerability allows attackers to bypass authorization controls in Utarit Information SoliClub mobile apps by manipulating user-controlled keys, potentially exposing embedded sensitive data. It affects iOS users running versions before 4.4.0 and Android users running versions before 5.2.1.

💻 Affected Systems

Products:
  • Utarit Information SoliClub
Versions: iOS: before 4.4.0, Android: before 5.2.1
Operating Systems: iOS, Android
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of affected versions are vulnerable by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of sensitive user data stored within the application, potentially including personal information, authentication tokens, or other embedded secrets.

🟠 Likely Case

Unauthorized access to user-specific sensitive data that should be protected by authorization checks.

🟢 If Mitigated

Limited or no data exposure if proper input validation and authorization checks are implemented.

🌐 Internet-Facing: HIGH - Mobile applications are typically internet-facing and accessible to attackers.
🏢 Internal Only: LOW - This is a mobile application vulnerability, not typically deployed in internal-only environments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires some user interaction or access to the application, but the bypass mechanism appears straightforward based on the CWE description.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iOS: 4.4.0+, Android: 5.2.1+

Vendor Advisory: https://www.usom.gov.tr/bildirim/tr-24-1457

Restart Required: Yes

Instructions:

1. Update the SoliClub app from the official app stores (Apple App Store for iOS, Google Play Store for Android).
2. Ensure the version is at least 4.4.0 for iOS or 5.2.1 for Android.
3. Restart the application after the update.

🔧 Temporary Workarounds

Disable or restrict app usage (applies to: all)

Temporarily prevent use of vulnerable versions until patching is complete.

Network segmentation (applies to: all)

Restrict network access for mobile devices running vulnerable versions.

🧯 If You Can't Patch

  • Implement mobile device management (MDM) policies to restrict app functionality
  • Monitor for unusual data access patterns and implement enhanced logging

🔍 How to Verify

Check if Vulnerable:

Check the app version in SoliClub settings: the installation is vulnerable if the iOS version is below 4.4.0 or the Android version is below 5.2.1.

Check Version:

Check within SoliClub app settings menu for version information

Verify Fix Applied:

Confirm app version shows iOS ≥4.4.0 or Android ≥5.2.1 in app settings

📡 Detection & Monitoring

Log Indicators:

  • Unusual data access patterns
  • Authorization failure logs followed by successful data retrieval

Network Indicators:

  • Unexpected data transfers from mobile app to external endpoints

SIEM Query:

Look for mobile app logs showing data access without proper authorization events
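The second log indicator above (authorization failures followed by a successful retrieval by the same principal) can be turned into a simple correlation rule. This is an added example, not part of the advisory or the vendor's tooling; the key=value log format, the field names and the sample lines are constructed for illustration, and the rule assumes lines arrive in time order.

```python
"""Flag principals whose authorization failures are followed by a successful
data retrieval within a short window (the log pattern listed under Detection
& Monitoring). Log format, field names and sample lines are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: timestamp, user, event, object key, outcome
SAMPLE_LOG = """\
2024-04-01T10:00:01Z user=alice event=read_profile key=1001 outcome=AUTHZ_FAIL
2024-04-01T10:00:02Z user=alice event=read_profile key=1002 outcome=AUTHZ_FAIL
2024-04-01T10:00:04Z user=alice event=read_profile key=1003 outcome=OK
2024-04-01T10:05:00Z user=bob event=read_profile key=2001 outcome=OK
2024-04-01T11:00:00Z user=carol event=read_profile key=3001 outcome=AUTHZ_FAIL
2024-04-01T12:30:00Z user=carol event=read_profile key=3002 outcome=OK
"""


def parse_line(line):
    """Split one 'ts k=v k=v ...' line into a dict with a parsed timestamp."""
    ts, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs)
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return rec


def find_bypass_candidates(log_text, min_failures=2, window=timedelta(minutes=5)):
    """Return (user, key) pairs where a user accumulated at least
    `min_failures` authorization failures inside `window` and then succeeded.
    With the defaults, alice's two failures followed by a success are flagged;
    carol's single failure an hour and a half earlier is not."""
    recent_failures = defaultdict(list)  # user -> timestamps of recent AUTHZ_FAIL
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        user, ts = rec["user"], rec["ts"]
        # Slide the window: forget failures older than `window`.
        recent_failures[user] = [t for t in recent_failures[user] if ts - t <= window]
        if rec["outcome"] == "AUTHZ_FAIL":
            recent_failures[user].append(ts)
        elif rec["outcome"] == "OK" and len(recent_failures[user]) >= min_failures:
            hits.append((user, rec["key"]))
            recent_failures[user].clear()  # report each burst once
    return hits


if __name__ == "__main__":
    print(find_bypass_candidates(SAMPLE_LOG))  # [('alice', '1003')]
```

Tune `min_failures` and `window` to the application's normal error rate before alerting on the result.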
