Kaleris YMS Access Control Vulnerability in Version 7.2.2.1

Vulnerability

A broken access control vulnerability exists in Kaleris YMS version 7.2.2.1. It allows authenticated users with the shipping/receiving role to access the truck dashboard resources, which should be restricted from that role. The vulnerability arises from incorrect access control mechanisms that fail to limit resource visibility based on user roles.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive dashboard resources, potentially allowing users to view or manipulate information they should not have access to.

Reproduction

To reproduce this vulnerability, log into the Kaleris YMS application with a user account assigned the shipping/receiving role. Once logged in, navigate to the truck dashboard resources. Access is granted even though the user's role is not authorized to view this information.
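
The check that is missing here can be expressed as a deny-by-default role policy plus an audit that lists every grant exceeding it. The following is an added example, not Kaleris code and not part of the original advisory. The role names, resource names and the "session is enough" flaw are assumptions made for illustration, since the advisory does not state the root cause.

```python
from dataclasses import dataclass

# Constructed policy (hypothetical names): roles allowed to read each resource.
# A resource that is not listed is denied to everyone.
POLICY = {
    "truck_dashboard": {"yard_manager", "admin"},
    "shipping_receiving_board": {"shipping_receiving", "yard_manager", "admin"},
}

@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset
    authenticated: bool = True

def flawed_can_view(user, resource):
    """Assumed flaw: a valid session is treated as sufficient, role is ignored."""
    return user.authenticated

def can_view(user, resource):
    """Deny by default: authenticated AND holding a role listed for the resource."""
    allowed = POLICY.get(resource, set())
    return user.authenticated and bool(user.roles & allowed)

def audit(check, users, resources):
    """Return (user, resource) pairs where `check` grants more than POLICY allows."""
    findings = []
    for u in users:
        for r in resources:
            expected = u.authenticated and bool(u.roles & POLICY.get(r, set()))
            if check(u, r) and not expected:
                findings.append((u.name, r))
    return findings

# Constructed test accounts and resources for the audit.
USERS = [
    User("dock_clerk", frozenset({"shipping_receiving"})),
    User("yard_lead", frozenset({"yard_manager"})),
]
RESOURCES = ["truck_dashboard", "shipping_receiving_board", "unlisted_report"]

if __name__ == "__main__":
    print("flawed check over-grants:", audit(flawed_can_view, USERS, RESOURCES))
    print("role check over-grants:  ", audit(can_view, USERS, RESOURCES))
```

Run as a regression test after a fix, the audit should return an empty list for every role and resource pair, including resources that have no policy entry.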

Added: Apr 6, 2026, 3:29 PM
Updated: Apr 6, 2026, 3:29 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.3
exploitability: 8.0
remediation: 0.0
relevance: 5.4
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.