Submit #808238: Industrial Application Software - IAS Canias ERP 8.03-- Information Disclosureinfo

TitleIndustrial Application Software - IAS Canias ERP 8.03-- Information Disclosure
DescriptionA vulnerability classified as high was found in Industrial Application Software caniasERP 8.03. This affects the doAction function of the Java RMI Interface (default TCP port 27499). The manipulation of the argument sessionId with an empty string value leads to unauthenticated information disclosure. It is possible to initiate the attack remotely without any form of authentication. No user interaction is required for exploitation. Successful exploitation allows an unauthenticated remote attacker to retrieve a complete list of all active user sessions by sending a crafted iasGetUserListEvent request. The server response discloses session IDs (e.g. CRONJOB_76C9505836), usernames, client types (JAVA, WEB, CRONJOB), login timestamps, and client IP addresses — without any authentication check. The disclosed session IDs can be directly used to perform session hijacking, enabling a complete pre-authentication Remote Code Execution (RCE) attack chain. The vulnerability was identified through reverse engineering of the caniasERP client JAR files. These JAR files are publicly distributed without authentication via the application's JNLP launch endpoint (caniasout.jnlp), which is accessible over HTTP without any credentials. Decompilation of the JAR files revealed the RMI binding name format (XXXXXXXXS2OUT), the relevant event and response class structure, and the absence of any server-side authentication check on the GETUSERLIST handler. No unauthorized access to any production system was required to discover or demonstrate this vulnerability.
Source⚠️ https://gist.github.com/0xb1lal/3ef872a445310c5866d07d6a5b1803fa
User
 b1lal (UID 97312)
Submission04/20/2026 16:32 (3 months ago)
Moderation05/09/2026 09:19 (19 days later)
StatusAccepted
VulDB entry362431 [Industrial Application Software IAS Canias ERP 8.03 RMI Interface doAction sessionId improper authentication]
Points20

Might our Artificial Intelligence support you?

Check our Alexa App!