Description
Incorrect Authorization vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Library Automation System: from v.19.5 before v.22.1.
Published: 2026-05-14
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an improper access control flaw that allows users to bypass security permissions when the system is misconfigured. It enables unauthorized users to gain access to restricted library data, potentially exposing sensitive information. The weakness is classified as CWE-863 (Incorrect Authorization), indicating an authorization bypass. A CVSS score of 8.8 reflects this serious impact.

Affected Systems

Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. offers the Library Automation System, and the vulnerability affects all releases from version 19.5 up to, but not including, version 22.1. No other versions are listed as impacted.

Risk and Exploitability

Because the CVSS score is high (8.8) and EPSS data is not available, the risk remains significant, especially for organizations relying on the affected range of versions. The flaw is likely exploitable by attackers who can access the system either through compromised user credentials or by taking advantage of poorly configured role permissions; detailed attack vectors are not provided, but misconfigured access levels are the root cause. The vulnerability is not catalogued in the CISA KEV system, indicating no known widespread exploitation at this time, yet the high severity suggests a prudent response.

Generated by OpenCVE AI on May 14, 2026 at 19:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to version 22.1 or later, which has the authorization fix applied.
  • Review and reconfigure all role permissions so that each user has only the minimum access required for their tasks.
  • Remove or disable any inactive or unnecessary user accounts that may retain high privileges.
  • Enable multi-factor authentication for all administrative and privileged access to reduce the risk of credential compromise.

Advisories

No advisories yet.

History

Sun, 17 May 2026 18:00:00 +0000

Type                 Values Removed    Values Added
First Time appeared  -                 Yordam; Yordam Library Automation System
Vendors & Products   -                 Yordam; Yordam Library Automation System

Thu, 14 May 2026 19:15:00 +0000

Type     Values Removed    Values Added
Metrics  -                 ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 14 May 2026 18:15:00 +0000

Type         Values Removed    Values Added
Description  -                 Incorrect Authorization vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Library Automation System: from v.19.5 before v.22.1.
Title        -                 Improper Access Control in Yordam Informatics' Library Automation System
Weaknesses   -                 CWE-863
References   -                 -
Metrics      -                 cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Subscriptions

Yordam Library Automation System
MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published:

Updated: 2026-05-14T18:36:14.239Z

Reserved: 2025-12-22T07:58:36.406Z

Link: CVE-2025-15023

Vulnrichment

Updated: 2026-05-14T18:36:10.887Z

NVD

Status: Deferred

Published: 2026-05-14T18:16:34.527

Modified: 2026-05-14T18:19:37.060

Link: CVE-2025-15023

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-17T17:09:07Z

Weaknesses