Interinfo DreamMaker Missing Authentication Vulnerability in Administrative Functionality
Vulnerability
A missing-authentication vulnerability affecting critical functions has been identified in Interinfo DreamMaker versions prior to October 22, 2025. The issue resides in the /servlet/baServer3 endpoint, where remote attackers can access administrative functionality without authentication.
Impact
Exploitation of this vulnerability allows unauthorized access to administrative functions, potentially leading to unauthorized changes to, or management of, the application.
Remediation
It is recommended to configure network firewalls, load balancers, or Access Control Lists (ACLs) to restrict access to the affected endpoint /servlet/baServer3. External network connections should be completely blocked, allowing access only from trusted internal management IP addresses.
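To confirm the restriction is actually in force, access logs can be audited for requests to /servlet/baServer3 from outside the trusted range. The following is an added example, not vendor code: it assumes common/combined log format, and the trusted range 10.20.0.0/24 and the sample log lines are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote

# Assumption: the trusted internal management range; replace with your own.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]
PROTECTED = "/servlet/baserver3"  # advisory endpoint, lower-cased for matching

# Common/combined log format: client IP, quoted request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '10.20.0.15 - - [22/Oct/2025:09:00:01 +0000] "POST /servlet/baServer3 HTTP/1.1" 200 512',
    '203.0.113.7 - - [22/Oct/2025:09:02:10 +0000] "POST /servlet/baServer3 HTTP/1.1" 200 498',
    '198.51.100.23 - - [22/Oct/2025:09:03:44 +0000] "GET /servlet/baServer3?a=b HTTP/1.1" 403 0',
    '203.0.113.7 - - [22/Oct/2025:09:04:02 +0000] "GET /index.jsp HTTP/1.1" 200 1024',
]

def normalize_path(target):
    """Canonicalize a request target so matching ignores how the path was written."""
    path = unquote(target.split("?", 1)[0])
    segments = [s for s in path.split("/") if s]  # collapses duplicate slashes
    return ("/" + "/".join(segments)).lower()

def is_trusted(ip_text):
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # unparseable client field is treated as untrusted
    return any(ip in net for net in TRUSTED_NETS)

def audit(lines):
    """Return untrusted requests to the endpoint as (ip, method, status, served)."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = normalize_path(m["target"])
        on_endpoint = path == PROTECTED or path.startswith(PROTECTED + "/")
        if on_endpoint and not is_trusted(m["ip"]):
            status = int(m["status"])
            # served=True means the request got past the ACL and was answered
            findings.append((m["ip"], m["method"], status, status < 400))
    return findings
```

Once the ACL is in place, any finding with `served` set to `True` indicates the endpoint is still reachable from an untrusted address. If the server sits behind a load balancer, the logged client field must be the real client address for the check to be meaningful.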
