[Japanese]

JVNDB-2012-000096

MosP kintai kanri fails to restrict access permissions

Overview

MosP kintai kanri contains an issue where access permissions are not restricted.

MosP kintai kanri is an open source attendance management software. MosP kintai kanri contains an issue where access permissions are not restricted.

Masako Ohno reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

Base Metrics: 4.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: Single Instance
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None

Affected Products


MIND CO.,LTD.
  • MosP kintai kanri prior to V4.1.0

Impact

A user's information may be obtained by another user with a MosP kintai kanri account.
Solution

[Update the software]
Update to the latest version according to the information provided by the developer.
Vendor Information

MIND CO.,LTD.
CWE (What is CWE?)

  1. Permissions(CWE-264) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2012-4020
References

  1. JVN : JVN#23465354
  2. National Vulnerability Database (NVD) : CVE-2012-4020
Revision History

[2012/11/02]
  Web page was published