| Título | Industrial Application Software - IAS Canias ERP 8.03-- Exposure of Sensitive Information to an Unauthorized Actor |
|---|
| Descripción | A vulnerability classified as medium was found in Industrial Application Software caniasERP 8.03. This affects the doAction function of the component RMI Interface (default TCP port 27499). The manipulation via iasGetServerInfoEvent leads to information disclosure without authentication. It is possible to initiate the attack remotely. The response discloses application version and build number, operating system name and architecture, Java Runtime version, database type and name, database server address, maximum connection capacity, server locale, encoding, and timezone without any session ID or credentials. The server processes the request without any authentication or session validation.
Discovered by Bilal Güneş (@b1lal) of HawkTrace. |
|---|
| Fuente | ⚠️ https://gist.github.com/0xb1lal/6f3f050f08cff569ecbde586e63c6bea |
|---|
| Usuario | b1lal (UID 97312) |
|---|
| Sumisión | 2026-04-20 17:52 (hace 2 meses) |
|---|
| Moderación | 2026-05-09 18:33 (19 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 362457 [Industrial Application Software IAS Canias ERP 8.03 RMI Interface iasGetServerInfoEvent escalada de privilegios] |
|---|
| Puntos | 20 |
|---|