Impact
The vulnerability stems from improper access control that allows users to access functions without proper ACL enforcement, exposing sensitive information. It is classified as a CWE-213 weakness, compromising data confidentiality and potentially allowing malicious actors to read or modify protected data. The disclosed issue could enable attackers to gather confidential business information, disrupt operations, or commit identity theft across affected systems. The impact remains confined to the scope of users who can reach the exposed functionality, yet the loss of data integrity and privacy can have broad organizational consequences.
Affected Systems
Nomysoft Informatics Education and Consulting Inc. develops Nomysem, a product that is affected through the version dated 08-07-2026. No additional version details are available, indicating that all releases up to that date are vulnerable. Users of this software should verify their installation date against the stated cutoff to assess exposure.
Risk and Exploitability
With a CVSS score of 6.5 the vulnerability is considered moderate; the EPSS score is not available, and the issue is not listed in CISA KEV. The likely attack vector is an internal or network-facing interface where access control checks are bypassed, though the exact method is not specified. Attackers would need to target the affected application’s functions directly, potentially exploiting weak authentication or missing authorization checks. Due to the lack of exploit data, the risk remains moderate but warrants timely remediation.
OpenCVE Enrichment