Name of the Vulnerable Software and Affected Versions Галактика ERP (affected versions not specified)

Description The issue is related to the lack of validation of incoming requests in the arpc Span module of the atlcore .dll library, which is part of the Галактика ERP system. This can be exploited by a remote attacker to read data byte-by-byte from the server service process memory, potentially including user credentials, by sending specially crafted network packets.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.