JVNDB-2009-001931

Issue of Access Control Failure in Hitachi Device Manager Server

Overview

Hitachi Device Manager servers contain a vulnerability that renders
access control settings ineffective in the following cases:

- IPv6 format is used for communications between a Hitachi Device
Manager server and its clients.
- Access controls for Hitachi Device Manager clients are set by the
range of IP addresses written in the CIDR format.

CVSS Severity

CVSS V2 Severity:
Base Metrics 6.8 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial

Affected Products

Hitachi, Ltd
  • Hitachi Device Manager Software
  • JP1/HiCommand Device Manager

Impact

An unauthorized client may gain access to the Hitachi Device Manager server.

Solution

Please refer to the 'Vendor Information' section for the official
countermeasure and take appropriate action.

Vendor Information

Hitachi, Ltd
  • Hitachi Software Vulnerability Information: HS09-013

CWE

  1. Permissions (CWE-264) [IPA Evaluation]

CVE

References

Revision History

  • [2009/08/31]
      Web page published