PatchSiren cyber security CVE debrief

CVE-2021-45477 Yordam Information Technologies CVE debrief

CVE-2021-45477 is a medium-severity vulnerability (CVSS 3.1: 6.5) in Yordam Library Automation System versions prior to 19.2. The issue is improper handling of parameters, which could allow an attacker with low privileges to collect data supplied by other users. The record was published in the CVE database on March 2, 2023, even though it carries a 2021 CVE identifier. The National Vulnerability Database (NVD) last modified the record on May 18, 2026. Turkish cybersecurity authorities (USOM and siberguvenlik.gov.tr) issued advisory TR-23-0119 for this vulnerability. The affected product is the Yordam Library Automation System; the fixed version is 19.2 or later.

Vendor: Yordam Information Technologies
Product: Library Automation System
CVSS: MEDIUM 6.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2023-03-02
Original CVE updated: 2026-05-18
Advisory published: 2023-03-02
Advisory updated: 2026-05-18

Who should care

Organizations using Yordam Library Automation System versions prior to 19.2, particularly libraries and educational institutions in Turkey and regions where this software is deployed. System administrators responsible for library management systems and cybersecurity teams monitoring for data exposure risks should prioritize patching.

Technical summary

The vulnerability stems from improper handling of parameters (CWE-233) in Yordam's Library Automation System. An authenticated attacker with low privileges can exploit this flaw to collect data supplied by other users. The CVSS 3.1 score of 6.5 (Medium) reflects a network attack vector, low attack complexity and low privilege requirements, with high impact on confidentiality and no impact on integrity or availability. The vulnerability is resolved in version 19.2.

Defensive priority

Medium

Recommended defensive actions

  • Upgrade Yordam Library Automation System to version 19.2 or later to remediate this vulnerability.
  • Review access controls and parameter handling in library automation systems to ensure proper input validation and sanitization.
  • Monitor for security advisories from USOM (Turkish National Cyber Security Incident Response Center) for additional guidance on this vulnerability.
  • If immediate patching is not possible, restrict network access to the Library Automation System to trusted users and monitor for anomalous data access patterns.

Evidence notes

The vulnerability description indicates improper parameter handling leading to unauthorized data collection. The CVSS vector confirms a network attack vector with low attack complexity and low privileges required. The CPE criteria confirm that all versions before 19.2 are affected.

Official resources

This vulnerability was disclosed through official channels, including the National Vulnerability Database and the Turkish National Cyber Security Incident Response Center (USOM).