Description
Statistics Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly exploit a specific functionality to query database contents.
Published: 2026-01-16
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is a missing authentication flaw in the Gotac Statistics Database System that allows attackers to access database content without any credentials. Exploiting this weakness can lead to unauthorized disclosure of confidential data, potentially compromising sensitive business information and violating privacy regulations. The weakness corresponds to CWE‑306, a critical Authentication+Breach issue that undermines the confidentiality of the system.

Affected Systems

This flaw affects installations of Gotac’s Statistics Database System that have not been upgraded to version 1.0.4 or later. Any system running an earlier release is susceptible until the vendor patch is applied.

Risk and Exploitability

The vulnerability carries a CVSS score of 8.7, indicating high severity. Although the EPSS score is currently below 1 %, suggesting a low probability of exploitation in the wild, the lack of authentication makes the attack straightforward for an adversary who can reach the service. The vulnerability is not listed in the CISA KEV catalog, but its high confidentiality impact warrants urgent remediation.

Generated by OpenCVE AI on April 18, 2026 at 05:50 UTC.

Remediation

Vendor Solution

Update to version 1.0.4 or later.

OpenCVE Recommended Actions

  • Apply the vendor patch (update to version 1.0.4 or later).
  • Restrict external network access to the database service with firewall rules or network segmentation to limit exposure to trusted administrators.
  • Verify that all APIs and interfaces enforce authentication and that no unsecured endpoints remain available.

Generated by OpenCVE AI on April 18, 2026 at 05:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 23 Jan 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Gotac statistics Database System
CPEs cpe:2.3:a:gotac:statistics_database_system:*:*:*:*:*:*:*:*
Vendors & Products Gotac statistics Database System

Fri, 16 Jan 2026 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Gotac
Gotac statistical Database System
Vendors & Products Gotac
Gotac statistical Database System
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 16 Jan 2026 04:00:00 +0000

Type Values Removed Values Added
Description Statistics Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly exploit a specific functionality to query database contents.
Title Gotac|Statistics Database System - Missing Authentication
Weaknesses CWE-306
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Gotac Statistical Database System Statistics Database System
cve-icon MITRE

Status: PUBLISHED

Assigner: twcert

Published:

Updated: 2026-01-16T14:04:01.712Z

Reserved: 2026-01-16T02:00:26.795Z

Link: CVE-2026-1023

cve-icon Vulnrichment

Updated: 2026-01-16T14:03:57.928Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-16T04:15:49.320

Modified: 2026-01-23T20:20:47.963

Link: CVE-2026-1023

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T06:00:08Z

Weaknesses