Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Missing authorization on network-reachable endpoints needs no auth or interaction (AV:N/AC:L/PR:N/UI:N); primarily discloses data (C:H) with minor integrity effect (I:L) and no availability impact.
Primary rating from Vendor (TR-CERT).
CVSS VectorVendor: TR-CERT
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Lifecycle Timeline
1DescriptionCVE.org
Missing Authorization vulnerability in Armiya Information Technologies Ltd. Co. Access Control System (GKS) allows Collect Data from Common Resource Locations.
This issue affects Access Control System (GKS): before Version 2.
AnalysisAI
Information disclosure in Armiya Information Technologies' Access Control System (GKS) before Version 2 allows remote unauthenticated attackers to collect sensitive data from common resource locations due to a missing authorization check. Because the affected endpoints do not verify that a requester is entitled to the data they return, an attacker who can reach the system over the network can harvest information without credentials. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires network reachability to the GKS application and knowledge of the 'common resource locations' (shared/well-known endpoints or paths) that the system exposes without an authorization check; per CVSS PR:N and UI:N, no authentication and no user interaction are needed against a reachable instance. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N, base 8.2) describes a network-reachable, low-complexity, unauthenticated attack with high confidentiality impact and only limited integrity impact - a strong signal for a data-exposure priority where the system is internet- or LAN-reachable. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with network access to the GKS application sends requests to well-known or common resource locations without supplying any credentials, and the server returns access-control data (such as identity, permission, or configuration records) because no authorization check is enforced. Repeating this against enumerated resource paths lets the attacker bulk-collect sensitive data. … |
| Remediation | Upgrade Access Control System (GKS) to Version 2 or later, which is the fixed release implied by the 'before Version 2' affected range; treat any build prior to Version 2 as vulnerable. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all GKS deployments and confirm versions; assess network accessibility and prioritize systems exposed to untrusted networks or the public internet. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Access Control System Gks
View allStored cross-site scripting in Armiya Information Technologies' Access Control System (GKS) versions before 2 allows an
Reflected XSS in Armiya Information Technologies' Access Control System (GKS) allows unauthenticated remote attackers to
Reflected cross-site scripting in Armiya Information Technologies' Access Control System (GKS) before Version 2 allows a
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42019
GHSA-37xf-hmm2-cg24