Industrial Application Software Canias ERP Improper Authentication Vulnerability in RMI Interface

Vulnerability

A vulnerability exists in Industrial Application Software (IAS) Canias ERP version 8.03, specifically within the RMI Interface component. The issue arises in the doAction function, where manipulation of the sessionId argument leads to improper authentication. This vulnerability can be exploited remotely.

Impact

Exploiting this vulnerability lets an attacker bypass authentication, potentially leading to unauthorized access or actions within the application.

Reproduction

The vulnerability can be reproduced by sending a crafted request to the RMI registry on port 27499, targeting the '11000000S2OUT' binding. The request must include a manipulated sessionId to bypass authentication. Once the request is processed, the response can be parsed to extract user session information, demonstrating the successful exploitation of the vulnerability.

Added: May 10, 2026, 1:19 AM
Updated: May 10, 2026, 1:19 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 8.7
remediation: 0.0
relevance: 7.9
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.