[Japanese]

JVNDB-2010-002077

Phishing Vulnerability in Accela BizSearch Document View Window

Overview

The document view window in Accela BizSearch Gateway Option has the following vulnerabilities which allow a remote attacker to:
* display a fraudulent web page over a legitimate web page
* steal cookies stored in browser
* place arbitrary cookies into browser
CVSS Severity (What is CVSS?)

Base Metrics: 5.8 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: None

Affected Products


Accela Technology
  • Accela BizSearch
  • eAccela BizSearch
FUJITSU
  • IntelligentSearch

Impact

A remote attacker could display a fraudulent web page over a legitimate one, steal cookies stored in browser or place arbitrary cookies into browser.
Solution

Please refer to the 'Vendor Information' and 'References' section for the countermeasures and take appropriate action.
Vendor Information

Accela Technology
  • Accela Technology Corporation : Top Page (Japanese)
FUJITSU
CWE (What is CWE?)

  1. No Mapping(CWE-noinfo) [IPA Evaluation]
CVE (What is CVE?)

References

Revision History

[2010/10/13]
  Web page published

Date Public2010/09/02
Date First Published2010/10/13
Date Last Updated2010/10/13