Description
A vulnerability was identified in Industrial Application Software IAS Canias ERP 8.03. This issue affects the function iasServerRemoteInterface.doAction of the component Java RMI Session Management. Such manipulation leads to improper authentication. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-05-10
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is found in Industrial Application Software IAS Canias ERP 8.03, within the Java RMI Session Management component. The iasServerRemoteInterface.doAction method does not enforce proper authentication, allowing an attacker to traverse session boundaries. A remote attacker could impersonate a legitimate user or initiate actions on the system, compromising confidentiality and integrity of business data. The weakness is a classic authentication bypass, corresponding to CWE-287.

Affected Systems

The affected product is Industrial Application Software IAS Canias ERP, version 8.03. No other versions or configurations are mentioned. The affected functionality is the remote interface used for session management via Java RMI.

Risk and Exploitability

The CVSS base score of 6.9 indicates a moderate severity level. No EPSS figure is available and the vulnerability is not in the CISA KEV catalog, suggesting a lower likelihood of widespread exploitation. The attack is remote, requiring the attacker to reach the Java RMI endpoint. Because the flaw is an authentication bypass, an attacker that can reach the endpoint can potentially gain unauthorized access without additional privileges. Systems with publicly exposed RMI interfaces are at higher risk.

Generated by OpenCVE AI on May 10, 2026 at 02:20 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Disable or restrict remote RMI access, ensuring only trusted hosts can connect.
  • Apply any available vendor patch or upgrade to a version where the flaw is resolved; if not available, contact IAS for an official fix.
  • Implement network segmentation and firewall rules to block unsolicited RMI traffic from external networks.
  • Add stricter authentication checks or enable secure RMI (e.g., SSL/TLS) to mitigate risks until a patch is applied.

Advisories

No advisories yet.

History

Tue, 12 May 2026 03:15:00 +0000

Type: Metrics
Values Removed: none
Values Added:
ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 11 May 2026 15:15:00 +0000

Type: References

Type: Metrics
Values Removed:
cvssV2_0 {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:ND/RC:ND'}
cvssV3_0 {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:X'}
cvssV3_1 {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:X'}
Values Added:
cvssV2_0 {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:ND'}
cvssV3_0 {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:X'}
cvssV3_1 {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:X'}


Sun, 10 May 2026 21:45:00 +0000

Type: First Time appeared
Values Added:
Industrial Application Software Ias
Industrial Application Software Ias canias Erp

Type: Vendors & Products
Values Added:
Industrial Application Software Ias
Industrial Application Software Ias canias Erp

Sun, 10 May 2026 01:15:00 +0000

Type: Description
Values Added: A vulnerability was identified in Industrial Application Software IAS Canias ERP 8.03. This issue affects the function iasServerRemoteInterface.doAction of the component Java RMI Session Management. Such manipulation leads to improper authentication. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Type: Title
Values Added: Industrial Application Software IAS Canias ERP Java RMI Session Management iasServerRemoteInterface.doAction improper authentication

Type: Weaknesses
Values Added: CWE-287

Type: References

Type: Metrics
Values Added:
cvssV2_0 {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:ND/RC:ND'}
cvssV3_0 {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:X'}
cvssV3_1 {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:X'}
cvssV4_0 {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-12T02:30:50.380Z

Reserved: 2026-05-09T07:19:37.329Z

Link: CVE-2026-8216

Vulnrichment

Updated: 2026-05-12T02:30:46.096Z

NVD

Status: Deferred

Published: 2026-05-10T01:16:08.263

Modified: 2026-05-11T15:08:09.893

Link: CVE-2026-8216

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-10T21:24:17Z

Weaknesses