| शीर्षक | Industrial Application Software - IAS Canias ERP 8.03-- Exposure of Sensitive Information to an Unauthorized Actor |
|---|
| विवरण | A vulnerability classified as medium was found in Industrial Application Software caniasERP 8.03. This affects the doAction function of the component RMI Interface (default TCP port 27499). The manipulation via iasGetServerInfoEvent leads to information disclosure without authentication. It is possible to initiate the attack remotely. The response discloses application version and build number, operating system name and architecture, Java Runtime version, database type and name, database server address, maximum connection capacity, server locale, encoding, and timezone without any session ID or credentials. The server processes the request without any authentication or session validation.
Discovered by Bilal Güneş (@b1lal) of HawkTrace. |
|---|
| स्रोत | ⚠️ https://gist.github.com/0xb1lal/6f3f050f08cff569ecbde586e63c6bea |
|---|
| उपयोगकर्ता | b1lal (UID 97312) |
|---|
| सबमिशन | 20/04/2026 05:52 PM (1 महीना पहले) |
|---|
| संयम | 09/05/2026 06:33 PM (19 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 362457 [Industrial Application Software IAS Canias ERP 8.03 RMI Interface iasGetServerInfoEvent अधिकार वृद्धि] |
|---|
| अंक | 20 |
|---|