Description
Exposure of sensitive information due to incompatible policies vulnerability in NOMYSOFT Informatics Education and Consulting Inc. Nomysem allows Accessing Functionality Not Properly Constrained by ACLs.

This issue affects Nomysem: through 08072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-07-08
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability stems from improper access control that allows users to access functions without proper ACL enforcement, exposing sensitive information. It is classified as a CWE-213 weakness, compromising data confidentiality and potentially allowing malicious actors to read or modify protected data. The disclosed issue could enable attackers to gather confidential business information, disrupt operations, or commit identity theft across affected systems. The impact remains confined to the scope of users who can reach the exposed functionality, yet the loss of data integrity and privacy can have broad organizational consequences.

Affected Systems

Nomysoft Informatics Education and Consulting Inc. develops Nomysem, a product that is affected through the version dated 08-07-2026. No additional version details are available, indicating that all releases up to that date are vulnerable. Users of this software should verify their installation date against the stated cutoff to assess exposure.

Risk and Exploitability

With a CVSS score of 6.5 the vulnerability is considered moderate; the EPSS score is not available, and the issue is not listed in CISA KEV. The likely attack vector is an internal or network-facing interface where access control checks are bypassed, though the exact method is not specified. Attackers would need to target the affected application’s functions directly, potentially exploiting weak authentication or missing authorization checks. Due to the lack of exploit data, the risk remains moderate but warrants timely remediation.

Generated by OpenCVE AI on July 8, 2026 at 15:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor’s patch or update for Nomysem when released
  • Review and enforce proper ACLs on all sensitive functions within the application
  • Continuously monitor logs for unauthorized access attempts and investigate anomalies
  • Segregate the application in a secure network segment, limiting exposure to untrusted networks

Generated by OpenCVE AI on July 8, 2026 at 15:02 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 08 Jul 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 08 Jul 2026 09:15:00 +0000

Type Values Removed Values Added
Description Exposure of sensitive information due to incompatible policies vulnerability in NOMYSOFT Informatics Education and Consulting Inc. Nomysem allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Nomysem: through 08072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Title Improper Access Control in Nomysoft Informatics' Nomysem
Weaknesses CWE-213
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}


Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published:

Updated: 2026-07-08T12:09:27.160Z

Reserved: 2026-04-14T14:24:35.901Z

Link: CVE-2026-6280

cve-icon Vulnrichment

Updated: 2026-07-08T12:09:22.357Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-08T15:15:04Z

Weaknesses
  • CWE-213

    Exposure of Sensitive Information Due to Incompatible Policies