Description
A vulnerability was determined in Industrial Application Software IAS Canias ERP 8.03. This vulnerability affects the function iasRequestFileEvent of the component RMI Interface. This manipulation of the argument m_strSourceFileName causes path traversal. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-05-10
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The IAS Canias ERP 8.03 system has a path traversal flaw in its RMI interface function iasRequestFileEvent. By altering the m_strSourceFileName argument, an attacker can cause the server to resolve directories outside the intended file boundary and read arbitrary files on the underlying filesystem. Remote exploitation is possible because the vulnerable function is exposed through RMI and can be hit from outside the host without prior authentication, according to the description.

Affected Systems

Industrial Application Software IAS Canias ERP version 8.03 is the only product and version explicitly listed as affected. No other releases or related components are mentioned.

Risk and Exploitability

The CVSS score of 6.9 indicates a moderate risk. The EPSS score is not available, and the vulnerability is not listed in CISA’s KEV catalog, suggesting limited observed exploitation. However, because the flaw can be triggered remotely and the exploit has been publicly disclosed, administrators should treat it as a realistic threat until mitigation steps are applied.

Generated by OpenCVE AI on May 10, 2026 at 03:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any vendor‑issued update or upgrade to a patched version of IAS Canias ERP.
  • If remote RMI access is not essential, disable it or restrict it using firewall rules to trusted IP addresses.
  • Implement strict validation on the m_strSourceFileName parameter to reject paths containing traversal characters or that resolve outside the permitted directory.
  • Monitor application and system logs for abnormal file access attempts and investigate any suspicious activity.

Generated by OpenCVE AI on May 10, 2026 at 03:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 10 May 2026 01:15:00 +0000

Type Values Removed Values Added
Description A vulnerability was determined in Industrial Application Software IAS Canias ERP 8.03. This vulnerability affects the function iasRequestFileEvent of the component RMI Interface. This manipulation of the argument m_strSourceFileName causes path traversal. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Title Industrial Application Software IAS Canias ERP RMI iasRequestFileEvent path traversal
Weaknesses CWE-22
References
Metrics cvssV2_0

{'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 5.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-10T00:30:09.932Z

Reserved: 2026-05-09T07:19:34.661Z

Link: CVE-2026-8215

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-10T01:16:08.090

Modified: 2026-05-10T01:16:08.090

Link: CVE-2026-8215

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-10T03:30:03Z

Weaknesses