
JVNDB-2005-000792

eBASEweb SQL injection vulnerability

Overview

eBASEweb, an optional product in the eBASE series of data management software from eBASE Co., Ltd., contains an SQL injection vulnerability because it does not completely sanitize user input data.

eBASE Co., Ltd. has fixed this product and advised customers who have introduced this product to apply workarounds to address this vulnerability.
This vulnerability was reported in version 3.0 released before September 2005.
Versions released after September 2005 do not contain this vulnerability.

CVSS Severity

CVSS V2 Severity:
Base Metrics 7.5 (High) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial
Affected Products


eBASE
  • eBASEweb version 3.0

Impact

A remote attacker could alter database content or steal data.
Solution

Update the Software

Apply the latest updates provided by the vendor.
Vendor Information

eBASE
CWE

CVE

  1. CVE-2005-3333
References

  1. JVN : JVN#59130192
  2. National Vulnerability Database (NVD) : CVE-2005-3333
  3. Secunia Advisory : SA17301
  4. SecurityFocus : 15171
  5. ISS X-Force Database : 22834
  6. SecurityTracker : 1015089
  7. OPEN SOURCE VULNERABILITY DATABASE (OSVDB) : 20249
Revision History

  • [2008/05/21]
      Web page published