| tiêu đề | Industrial Application Software - IAS Canias ERP 8.03-- Exposure of Sensitive Information to an Unauthorized Actor |
|---|
| Mô tả | A vulnerability classified as medium was found in Industrial Application Software caniasERP 8.03. This affects the doAction function of the component RMI Interface (default TCP port 27499). The manipulation via iasGetServerInfoEvent leads to information disclosure without authentication. It is possible to initiate the attack remotely. The response discloses application version and build number, operating system name and architecture, Java Runtime version, database type and name, database server address, maximum connection capacity, server locale, encoding, and timezone without any session ID or credentials. The server processes the request without any authentication or session validation.
Discovered by Bilal Güneş (@b1lal) of HawkTrace. |
|---|
| Nguồn | ⚠️ https://gist.github.com/0xb1lal/6f3f050f08cff569ecbde586e63c6bea |
|---|
| Người dùng | b1lal (UID 97312) |
|---|
| Đệ trình | 20/04/2026 17:52 (cách đây 2 các tháng) |
|---|
| Kiểm duyệt | 09/05/2026 18:33 (19 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 362457 [Industrial Application Software IAS Canias ERP 8.03 RMI Interface iasGetServerInfoEvent nâng cao đặc quyền] |
|---|
| điểm | 20 |
|---|