Description
A vulnerability has been found in Industrial Application Software IAS Canias ERP 8.03. The affected element is the function iasGetServerInfoEvent of the component RMI Interface. Such manipulation leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-05-10
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the iasGetServerInfoEvent function of the RMI interface allows an attacker to perform actions without proper authorization, thereby enabling remote exploitation. The vulnerability arises from improper authorization controls, exposing the system to unauthorized access and potentially compromising both data confidentiality and integrity. It is a significant weakness that could be exploited to gain privileged access to the ERP system.

Affected Systems

Industrial Application Software IAS Canias ERP version 8.03 is affected. The flaw exists within the RMI component that handles server information events. No other products or versions are listed as impacted.

Risk and Exploitability

The CVSS score of 6.9 indicates a medium severity impact. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting no confirmed widespread exploitation. The likely attack vector is remote access to the RMI service, with an attacker potentially sending crafted requests to invoke the vulnerable function. The exploit is publicly disclosed, and the vendor has not responded to the disclosure, implying the risk remains unmitigated until a patch is issued.

Generated by OpenCVE AI on May 10, 2026 at 09:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Restrict the RMI interface to trusted network sources or enforce strict firewall rules to limit remote access.
  • Disable or lock down the iasGetServerInfoEvent function until a vendor patch is released.
  • Apply any official vendor patch or upgrade to a newer ERP version as soon as it becomes available.

Advisories

No advisories yet.

History

Sun, 10 May 2026 08:30:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability has been found in Industrial Application Software IAS Canias ERP 8.03. The affected element is the function iasGetServerInfoEvent of the component RMI Interface. Such manipulation leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title | | Industrial Application Software IAS Canias ERP RMI iasGetServerInfoEvent improper authorization
Weaknesses | | CWE-266, CWE-285
References | |
Metrics | | cvssV2_0: {'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR'}
Metrics | | cvssV3_0: {'score': 5.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}
Metrics | | cvssV3_1: {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}
Metrics | | cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-10T07:45:09.037Z

Reserved: 2026-05-09T16:33:09.815Z

Link: CVE-2026-8241

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-10T09:16:31.840

Modified: 2026-05-10T09:16:31.840

Link: CVE-2026-8241

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-10T09:30:05Z

Weaknesses