Description
A vulnerability was identified in Industrial Application Software IAS Canias ERP 8.03. This issue affects the function iasServerRemoteInterface.doAction of the component Java RMI Session Management. Such manipulation leads to improper authentication. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-05-10
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is found in Industrial Application Software IAS Canias ERP 8.03, within the Java RMI Session Management component. The iasServerRemoteInterface.doAction method does not enforce proper authentication, allowing an attacker to traverse session boundaries. A remote attacker could impersonate a legitimate user or initiate actions on the system, compromising confidentiality and integrity of business data. The weakness is a classic authentication bypass, corresponding to CWE-287.

Affected Systems

The affected product is Industrial Application Software IAS Canias ERP, version 8.03. No other versions or configurations are mentioned. The affected functionality is the remote interface used for session management via Java RMI.

Risk and Exploitability

The CVSS 4.0 base score of 6.9 indicates medium severity. No EPSS figure is available and the vulnerability is not in the CISA KEV catalog, suggesting a lower likelihood of widespread exploitation. The attack is remote and requires the attacker to reach the Java RMI endpoint. Because the flaw is an authentication bypass, an attacker who can reach the endpoint can potentially gain unauthorized access without additional privileges. Systems with publicly exposed RMI interfaces are at higher risk.

Generated by OpenCVE AI on May 10, 2026 at 02:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Disable or restrict remote RMI access, ensuring only trusted hosts can connect.
  • Apply any available vendor patch or upgrade to a version where the flaw is resolved; if not available, contact IAS for an official fix.
  • Implement network segmentation and firewall rules to block unsolicited RMI traffic from external networks.
  • Add stricter authentication checks or enable secure RMI (e.g., SSL/TLS) to mitigate risks until a patch is applied.

Advisories

No advisories yet.

History

Sun, 10 May 2026 01:15:00 +0000

Type Values Removed Values Added
Description A vulnerability was identified in Industrial Application Software IAS Canias ERP 8.03. This issue affects the function iasServerRemoteInterface.doAction of the component Java RMI Session Management. Such manipulation leads to improper authentication. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.
Title Industrial Application Software IAS Canias ERP Java RMI Session Management iasServerRemoteInterface.doAction improper authentication
Weaknesses CWE-287
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:ND/RC:ND'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:X'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:X'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-10T01:00:11.633Z

Reserved: 2026-05-09T07:19:37.329Z

Link: CVE-2026-8216

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-10T01:16:08.263

Modified: 2026-05-10T01:16:08.263

Link: CVE-2026-8216

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-05-10T02:30:02Z

Weaknesses