Library Automation System
Monthly
Authentication bypass in Yordam Library Automation System versions 21.6 through 22.0 enables remote attackers to impersonate legitimate users and gain unauthorized administrative access by manipulating user identifiers in requests. Attackers who successfully exploit this vulnerability can achieve full system compromise including reading sensitive library records, modifying catalog data, and disrupting availability. The vulnerability requires user interaction (likely social engineering or malicious link), but no authentication, making it accessible to external threat actors. TR-CERT has published an advisory confirming the issue affects Turkish government and educational institutions using this library management platform.
Improper Neutralization of Input During Web Page Generation vulnerability in Yordam Information Technologies Library Automation System allows Stored XSS.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Handling of Parameters vulnerability in Bordam Information Technologies Library Automation System allows Collect Data as Provided by Users.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Handling of Parameters vulnerability in Bordam Information Technologies Library Automation System allows Collect Data as Provided by Users.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Yordam Library Information Document Automation product before version 19.02 has an unauthenticated reflected XSS vulnerability. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Yordam Library Information Document Automation product before version 19.02 has an unauthenticated Information disclosure vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
University Library Automation System developed by Yordam Bilgi Teknolojileri before version 19.2 has an unauthenticated Reflected XSS vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authentication bypass in Yordam Library Automation System versions 21.6 through 22.0 enables remote attackers to impersonate legitimate users and gain unauthorized administrative access by manipulating user identifiers in requests. Attackers who successfully exploit this vulnerability can achieve full system compromise including reading sensitive library records, modifying catalog data, and disrupting availability. The vulnerability requires user interaction (likely social engineering or malicious link), but no authentication, making it accessible to external threat actors. TR-CERT has published an advisory confirming the issue affects Turkish government and educational institutions using this library management platform.
Improper Neutralization of Input During Web Page Generation vulnerability in Yordam Information Technologies Library Automation System allows Stored XSS.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Handling of Parameters vulnerability in Bordam Information Technologies Library Automation System allows Collect Data as Provided by Users.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Handling of Parameters vulnerability in Bordam Information Technologies Library Automation System allows Collect Data as Provided by Users.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Yordam Library Information Document Automation product before version 19.02 has an unauthenticated reflected XSS vulnerability. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Yordam Library Information Document Automation product before version 19.02 has an unauthenticated Information disclosure vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
University Library Automation System developed by Yordam Bilgi Teknolojileri before version 19.2 has an unauthenticated Reflected XSS vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.