Teramis
Monthly
Authorization bypass in Teracity TeraMIS (versions V03.26.01.14 through the 30.04.2026 build) lets an authenticated low-privilege user tamper with a user-controlled object key to reach records and functions belonging to other users or higher-privilege roles (CWE-639 IDOR). The CVSS vector (AV:N/AC:L/PR:L/UI:N) confirms remote, low-complexity exploitation by any account holder, yielding high confidentiality and integrity impact. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; EPSS and POC data were not provided.
Authorization bypass in Teracity TeraMIS (versions V03.26.01.14 through the 30.04.2026 build) lets an authenticated low-privilege user tamper with a user-controlled object key to reach records and functions belonging to other users or higher-privilege roles (CWE-639 IDOR). The CVSS vector (AV:N/AC:L/PR:L/UI:N) confirms remote, low-complexity exploitation by any account holder, yielding high confidentiality and integrity impact. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; EPSS and POC data were not provided.