Description
The IM-LogicDesigner module of intra-mart Accel Platform contains an insecure deserialization issue. This can be exploited only when IM-LogicDesigner is deployed on the system. Arbitrary code may be executed when a crafted file is imported by a user with administrative privilege.
Published: 2026-02-27
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote code execution
Action: Immediate patch
AI Analysis

Impact

The IM-LogicDesigner module in intra‑mart Accel Platform contains an insecure deserialization issue. When a user with administrative privileges imports a crafted file into the module, an attacker can execute arbitrary code on the underlying system. The vulnerability compromises confidentiality, integrity, and availability by giving the attacker full control of the affected host.

Affected Systems

NTT DATA INTRAMART Corporation’s intra‑mart Accel Platform versions 8.0.4 through 8.0.27 are affected. The issue exists in every release of the Accel Platform within that range where the IM‑LogicDesigner component is present.

Risk and Exploitability

The CVSS score of 8.6 classifies this vulnerability as high. The EPSS score is reported as less than 1%, indicating a low exploitation probability, and the lack of a KEV listing suggests no widespread public exploits have been observed. The attack vector is inferred to be local, requiring an attacker to have administrative access to the system in order to import a malicious file; the CVSS 3.0, 3.1 and 4.0 vectors recorded in the history of this record, however, all specify AV:N (network). Once the crafted file is loaded by an admin user, arbitrary code execution is possible, making the risk significant for environments where administrative privileges are not tightly controlled.

Generated by OpenCVE AI on April 16, 2026 at 15:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a version of intra‑mart Accel Platform that contains a fix for insecure deserialization and removes the vulnerable IM‑LogicDesigner behavior.
  • Enforce strict access control on the IM‑LogicDesigner module, limiting file import capability to a narrow set of trusted administrators and disabling the feature when not needed.
  • Monitor application logs and system activity for indicators of deserialization attempts or unexpected runtime behavior, and respond promptly to any anomalous activity.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 16:00:00 +0000

Type Values Removed Values Added
Title Insecure Deserialization in intra‑mart Accel Platform IM‑LogicDesigner Allowing Arbitrary Code Execution

Mon, 23 Mar 2026 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Intra-mart
Intra-mart accel Platform
CPEs cpe:2.3:a:intra-mart:accel_platform:8.0.10:-:*:*:*:*:*:*
cpe:2.3:a:intra-mart:accel_platform:8.0.11:-:*:*:*:*:*:*
cpe:2.3:a:intra-mart:accel_platform:8.0.12:-:*:*:*:*:*:*
cpe:2.3:a:intra-mart:accel_platform:8.0.13:-:*:*:*:*:*:*
cpe:2.3:a:intra-mart:accel_platform:8.0.14:-:*:*:*:*:*:*
cpe:2.3:a:intra-mart:accel_platform:8.0.15:-:*:*:*:*:*:*
cpe:2.3:a:intra-mart:accel_platform:8.0.16:-:*:*:*:*:*:*
cpe:2.3:a:intra-mart:accel_platform:8.0.17:-:*:*:*:*:*:*
cpe:2.3:a:intra-mart:accel_platform:8.0.19:-:*:*:*:*:*:*
cpe:2.3:a:intra-mart:accel_platform:8.0.20:-:*:*:*:*:*:*
cpe:2.3:a:intra-mart:accel_platform:8.0.21:-:*:*:*:*:*:*
cpe:2.3:a:intra-mart:accel_platform:8.0.22:-:*:*:*:*:*:*
cpe:2.3:a:intra-mart:accel_platform:8.0.23:-:*:*:*:*:*:*
cpe:2.3:a:intra-mart:accel_platform:8.0.24:-:*:*:*:*:*:*
cpe:2.3:a:intra-mart:accel_platform:8.0.25:-:*:*:*:*:*:*
cpe:2.3:a:intra-mart:accel_platform:8.0.26:-:*:*:*:*:*:*
cpe:2.3:a:intra-mart:accel_platform:8.0.27:-:*:*:*:*:*:*
cpe:2.3:a:intra-mart:accel_platform:8.0.4:-:*:*:*:*:*:*
cpe:2.3:a:intra-mart:accel_platform:8.0.5:-:*:*:*:*:*:*
cpe:2.3:a:intra-mart:accel_platform:8.0.6:-:*:*:*:*:*:*
cpe:2.3:a:intra-mart:accel_platform:8.0.7:-:*:*:*:*:*:*
cpe:2.3:a:intra-mart:accel_platform:8.0.8:-:*:*:*:*:*:*
cpe:2.3:a:intra-mart:accel_platform:8.0.9:-:*:*:*:*:*:*
Vendors & Products Intra-mart
Intra-mart accel Platform
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


Fri, 06 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 27 Feb 2026 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Ntt Data Intramart
Ntt Data Intramart intra-mart Accel Platform
Vendors & Products Ntt Data Intramart
Ntt Data Intramart intra-mart Accel Platform

Fri, 27 Feb 2026 08:15:00 +0000

Type Values Removed Values Added
Description The IM-LogicDesigner module of intra-mart Accel Platform contains an insecure deserialization issue. This can be exploited only when IM-LogicDesigner is deployed on the system. Arbitrary code may be executed when a crafted file is imported by a user with administrative privilege.
Weaknesses CWE-502
References
Metrics cvssV3_0

{'score': 7.2, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: jpcert

Published:

Updated: 2026-03-06T18:48:00.138Z

Reserved: 2026-02-24T06:54:41.553Z

Link: CVE-2026-27776

Vulnrichment

Updated: 2026-03-06T18:47:55.638Z

NVD

Status: Analyzed

Published: 2026-02-27T08:17:09.850

Modified: 2026-03-23T14:21:07.567

Link: CVE-2026-27776

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T15:45:16Z

Weaknesses