[Japanese]

JVNDB-2015-000105

Research Artisan Lite does not properly perform authentication

Overview

Research Artisan Lite provided by Research Artisan Project is an access analysis tool. Research Artisan Lite does not properly perform authentication (CWE-592).

Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

Base Metrics: 5.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None

Affected Products


Research Artisan Project
  • Research Artisan Lite prior to ver.1.18

Impact

An attacker may perform operations in Research Artisan Lite without logging into the system.
Solution

[Update the Software]
Update to the latest version according to the information provided by the developer.
Vendor Information

Research Artisan Project
CWE (What is CWE?)

  1. Permissions(CWE-264) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2015-2975
References

  1. JVN : JVN#10559378
  2. National Vulnerability Database (NVD) : CVE-2015-2975
Revision History

[2015/07/24]
  Web page was published
[2015/07/28]
  References : Content was added