Description
Incorrect access control in Kaleris YMS v7.2.2.1 allows authenticated attackers with only the shipping/receiving role to view the truck's dashboard resources.
Published: 2026-04-06
Score: 4.3 (Medium)
EPSS: < 1% (Very Low)
KEV: No
Impact: Unauthorized dashboard access by shipping/receiving users
Action: Patch
AI Analysis

Impact

Kaleris Yard Management Solutions version 7.2.2.1 contains a role‑based access control flaw that allows authenticated users with only a shipping or receiving role to view truck dashboard resources. The CVE description confirms unauthorized access but does not explicitly state the confidentiality impact; it is inferred that viewing the dashboard could reveal sensitive operational information. The weakness matches CWE‑284 (Improper Access Control) and CWE‑639 (Privilege Escalation Through Role Manipulation).

Affected Systems

Affected systems are Kaleris Yard Management Solutions, specifically version 7.2.2.1. No other vendors or product versions are listed as impacted.

Risk and Exploitability

The CVSS base score of 4.3 indicates low to moderate severity, and an EPSS score of less than 1% suggests a low likelihood of exploitation. The vulnerability is not in CISA’s KEV catalog. Because authentication is required, attackers must have valid credentials; thus the risk is confined to internal or compromised accounts. The exploitation path requires the attacker to have a shipping/receiving role, limiting the attack surface.

Generated by OpenCVE AI on April 10, 2026 at 20:09 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Verify whether Kaleris has released a patch or upgrade that fixes the role‑based access control issue and apply it immediately.
  • If no patch is available, restrict the shipping/receiving role to the minimal permissions needed for its legitimate tasks and audit role assignments regularly.
  • Monitor system logs for unusual dashboard access attempts from users with shipping/receiving privileges.
  • Maintain general security hardening practices, such as enforcing strong passwords and limiting the number of privileged accounts.
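The flaw class behind this CVE (CWE-284, an endpoint that checks only that a session exists and never which role holds it) and the monitoring recommendation above are easier to see side by side. The following is an added, self-contained example written for this page; it is not Kaleris code and assumes nothing about how YMS actually implements its dashboard. The role names, the permission map, the audit-log format and the sample users are all constructed for illustration.

```python
"""Added example (not Kaleris code): a truck-dashboard handler in the
'authenticated is enough' form that matches CWE-284, its role-gated fix,
and a small check over a constructed audit log that flags dashboard
activity by shipping/receiving accounts, as the recommendations suggest."""
from dataclasses import dataclass, field
from enum import Enum


class Role(Enum):
    # Hypothetical roles; the real YMS role set is not described on the page.
    SHIPPING_RECEIVING = "shipping_receiving"
    YARD_MANAGER = "yard_manager"
    ADMIN = "admin"


# Hypothetical permission map: roles allowed to read the truck dashboard.
# Shipping/receiving is deliberately absent, so access is denied by default.
DASHBOARD_READERS = {Role.YARD_MANAGER, Role.ADMIN}


@dataclass
class User:
    name: str
    roles: set  # set[Role]


@dataclass
class AuditLog:
    """Constructed key=value audit log, one line per authorization decision."""
    entries: list = field(default_factory=list)

    def record(self, user, resource, decision):
        self.entries.append(
            f"user={user.name} resource={resource} decision={decision}")


class AuthorizationError(Exception):
    pass


def truck_dashboard_vulnerable(user, log):
    """Flawed pattern: only verifies that a session exists (authentication),
    never which role it carries, so any logged-in account can read."""
    if user is None:
        raise AuthorizationError("login required")
    log.record(user, "truck_dashboard", "allow")
    return {"trucks": ["constructed sample row"]}


def truck_dashboard_hardened(user, log):
    """Fixed pattern: authentication plus an explicit role check; every
    denied attempt is written to the audit log before the error is raised."""
    if user is None:
        raise AuthorizationError("login required")
    if not (user.roles & DASHBOARD_READERS):
        log.record(user, "truck_dashboard", "deny")
        raise AuthorizationError("role not permitted to view truck dashboard")
    log.record(user, "truck_dashboard", "allow")
    return {"trucks": ["constructed sample row"]}


def suspicious_dashboard_events(log_lines, watched_users):
    """Detection helper for the monitoring recommendation: return the audit
    lines where an account in `watched_users` (e.g. shipping/receiving
    users) touched the truck dashboard, whether allowed or denied. An
    'allow' for such an account is the signal that the flaw is present."""
    hits = []
    for line in log_lines:
        fields = dict(kv.split("=", 1) for kv in line.split())
        if (fields.get("resource") == "truck_dashboard"
                and fields.get("user") in watched_users):
            hits.append(line)
    return hits


def demo():
    """Run a shipping/receiving user through both handlers and scan the log."""
    log = AuditLog()
    clerk = User("clerk", {Role.SHIPPING_RECEIVING})
    manager = User("mgr", {Role.YARD_MANAGER})

    truck_dashboard_vulnerable(clerk, log)      # wrongly allowed
    try:
        truck_dashboard_hardened(clerk, log)    # correctly denied
        denied = False
    except AuthorizationError:
        denied = True
    truck_dashboard_hardened(manager, log)      # legitimately allowed

    hits = suspicious_dashboard_events(log.entries, {"clerk"})
    return {"clerk_denied_by_fix": denied, "clerk_events": hits,
            "log": list(log.entries)}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The detection helper is intentionally role-agnostic: it takes the set of account names to watch, so the same function works whether the watch list comes from a role export, an HR feed, or a hand-maintained list of shipping/receiving users.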

Advisories

No advisories yet.

History

Each entry lists the changed field (Type), the values removed and the values added.

Mon, 13 Apr 2026 14:30:00 +0000
  Title: Authenticated Access to Truck Dashboard Resources via Role-based Access Control Flaw in Kaleris YMS v7.2.2.1

Fri, 10 Apr 2026 18:15:00 +0000
  First Time appeared: Kaleris yard Management Solutions
  CPEs: cpe:2.3:a:kaleris:yard_management_solutions:7.2.2.1:*:*:*:*:*:*:*
  Vendors & Products: Kaleris yard Management Solutions

Tue, 07 Apr 2026 00:00:00 +0000
  Title: Authenticated Access to Truck Dashboard Resources via Role-based Access Control Flaw in Kaleris YMS v7.2.2.1
  First Time appeared: Kaleris; Kaleris yms
  Vendors & Products: Kaleris; Kaleris yms

Mon, 06 Apr 2026 15:30:00 +0000
  Description: Incorrect access control in Kaleris YMS v7.2.2.1 allows authenticated attackers with only the shipping/receiving role to view the truck's dashboard resources.
  Weaknesses: CWE-284; CWE-639
  References: (none listed)
  Metrics:
    cvssV3_1: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}
    ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-06T15:02:11.998Z

Reserved: 2026-03-09T00:00:00.000Z

Link: CVE-2026-31150

Vulnrichment

Updated: 2026-04-06T15:01:43.688Z

NVD

Status: Analyzed

Published: 2026-04-06T15:17:09.430

Modified: 2026-04-10T18:03:10.237

Link: CVE-2026-31150

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-13T14:27:50Z

Weaknesses