| 제목 | Industrial Application Software - IAS Canias ERP 8.03-- Exposure of Sensitive Information to an Unauthorized Actor |
|---|
| 설명 | A vulnerability classified as medium was found in Industrial Application Software caniasERP 8.03. This affects the doAction function of the component RMI Interface (default TCP port 27499). The manipulation via iasGetServerInfoEvent leads to information disclosure without authentication. It is possible to initiate the attack remotely. The response discloses application version and build number, operating system name and architecture, Java Runtime version, database type and name, database server address, maximum connection capacity, server locale, encoding, and timezone without any session ID or credentials. The server processes the request without any authentication or session validation.
Discovered by Bilal Güneş (@b1lal) of HawkTrace. |
|---|
| 원천 | ⚠️ https://gist.github.com/0xb1lal/6f3f050f08cff569ecbde586e63c6bea |
|---|
| 사용자 | b1lal (UID 97312) |
|---|
| 제출 | 2026. 04. 20. PM 05:52 (2 개월 ago) |
|---|
| 모더레이션 | 2026. 05. 09. PM 06:33 (19 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 362457 [Industrial Application Software IAS Canias ERP 8.03 RMI Interface iasGetServerInfoEvent 권한 상승] |
|---|
| 포인트들 | 20 |
|---|