[Japanese]

JVNDB-2012-001932

Vulnerability in Fujitsu Interstage List Works Where Permissions Cannot Be Denied

Overview

Fujitsu Interstage List Works has a vulnerability where, when Everyone or a group is granted permissions to access the archive folder and data through the management tool or command line, denying permissions for a specific user who belongs to these groups fails and is not reflected on the lists.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 3.6 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: Single Instance
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: Partial
Affected Products


FUJITSU
  • Interstage List Works Enterprise Edition V7.0L10
  • Interstage List Works Enterprise Edition V7.0L10A through V7.0L10D
  • Interstage List Works Enterprise Edition 8.0.0 and 8.0.1
  • Interstage List Works Enterprise Edition V9.0.1 and V9.0.1A
  • Interstage List Works Enterprise Edition V9.1.0
  • Interstage List Works Enterprise Edition V10.0.0 and V10.1.0
  • Interstage List Works Standard Edition V7.0L10
  • Interstage List Works Standard Edition V7.0L10A through V7.0L10D
  • Interstage List Works Standard Edition 8.0.0 and 8.0.1
  • Interstage List Works Standard Edition V9.0.1 and V9.0.1A
  • Interstage List Works Standard Edition V9.1.0
  • Interstage List Works Standard Edition V10.0.0 and V10.1.0

Impact

A user who is denied permission to access a specific data may access and delete the list.
Solution

Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action.
Vendor Information

FUJITSU
CWE (What is CWE?)

  1. Permissions(CWE-264) [IPA Evaluation]
CVE (What is CVE?)

References

Revision History

  • [2012/4/11]
      Web page was published