Description
Official Document Management System developed by 2100 Technology has a Incorrect Authorization vulnerability, allowing authenticated remote attackers to modify front-end code to read all official documents.
Published: 2026-01-28
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access to Sensitive Documents
Action: Apply Patch
AI Analysis

Impact

The vulnerability is an Incorrect Authorization flaw that permits an authenticated remote attacker to modify front‑end code. By doing so the attacker can read all official documents, effectively compromising document confidentiality. The weakness is identified as CWE‑863, an incorrect authentication/authorization issue, and does not directly lead to denial of service or arbitrary code execution.

Affected Systems

The affected product is 2100 Technology’s Official Document Management System. The CVE data does not list specific vulnerable versions, but the vendor’s remedy indicates that patching to version 5.0.98.23 or later resolves the issue, implying that earlier versions may lack the fix.

Risk and Exploitability

The CVSS score of 7.1 denotes a high severity vulnerability. Although the EPSS score is less than 1 %, indicating very low exploitation probability, the flaw requires legitimate user credentials as a prerequisite. Therefore, the likely attack vector involves an attacker who has obtained valid credentials or compromised an account, after which they exploit the missing authorization controls to read protected documents.

Generated by OpenCVE AI on April 18, 2026 at 14:42 UTC.

Remediation

Vendor Solution

Update to version 5.0.98.23 or later.

OpenCVE Recommended Actions

  • Update the Official Document Management System to version 5.0.98.23 or later.
  • Restrict privileges so that only trusted administrators can modify front‑end code.
  • Review and enforce role‑based access controls to ensure users have only the minimum permissions required to perform their job functions.

Generated by OpenCVE AI on April 18, 2026 at 14:42 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 28 Jan 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 28 Jan 2026 12:30:00 +0000

Type Values Removed Values Added
First Time appeared 2100 Technology
2100 Technology official Document Management System
Vendors & Products 2100 Technology
2100 Technology official Document Management System

Wed, 28 Jan 2026 04:00:00 +0000

Type Values Removed Values Added
Description Official Document Management System developed by 2100 Technology has a Incorrect Authorization vulnerability, allowing authenticated remote attackers to modify front-end code to read all official documents.
Title 2100 Technology|Official Document Management System - Incorrect Authorization
Weaknesses CWE-863
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

2100 Technology Official Document Management System
cve-icon MITRE

Status: PUBLISHED

Assigner: twcert

Published:

Updated: 2026-01-28T14:40:49.336Z

Reserved: 2026-01-28T03:21:12.993Z

Link: CVE-2026-1514

cve-icon Vulnrichment

Updated: 2026-01-28T14:40:43.900Z

cve-icon NVD

Status : Deferred

Published: 2026-01-28T04:15:59.880

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-1514

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T14:45:03Z

Weaknesses