[Japanese]

JVNDB-2009-001930

Issue of Access Control Failure in Groupmax Scheduler Server

Overview

Groupmax Scheduler Server contains a vulnerability in which access
privilege settings can be rendered invalid.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 6.4 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products


Hitachi, Ltd
  • Groupmax Groupware Server
  • Groupmax Server Set
  • Groupware Server Set
  • Scheduler Server Set

Impact

An unauthorized user may gain access to the Groupmax Scheduler Server.
Solution

Please refer to the 'Vendor Information' section for the official
countermeasure and take appropriate action.
Vendor Information

Hitachi, Ltd
  • Hitachi Software Vulnerability Information : HS09-012
CWE (What is CWE?)

  1. Permissions(CWE-264) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2009-3172
References

  1. National Vulnerability Database (NVD) : CVE-2009-3172
  2. Secunia Advisory : SA36527
  3. SecurityFocus : 36184
  4. VUPEN Security : VUPEN/ADV-2009-2480
  5. OPEN SOURCE VULNERABILITY DATABASE (OSVDB) : 57565
Revision History

  • [2009/08/31]
      Web page published

Date Public2009/07/21
Date First Published2009/08/31
Date Last Updated2009/08/31