[Japanese]

JVNDB-2006-000975

Hitachi Soumu Workflow Authentication Bypassing Vulnerability

Overview

Hitachi Soumu Workflow template files contain vulnerabilities that could be exploited to bypass authentication mechanisms.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 5.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None
Affected Products


Hitachi, Ltd
  • Koukyoumuke Soumu Workflow Chouhyou Set
  • Soumu Workflow for Groupmax - Fukuri Kousei Set
  • Soumu Workflow for Groupmax - Jinji Idou Set
  • Soumu Workflow for Groupmax - Kakushu Shinsei Set
  • Soumu Workflow for Groupmax - Kinmukyuka Shinsei Set
  • Soumu Workflow for Groupmax - Koutsuhi Set
  • Soumu Workflow for Groupmax - Kaigikousaihi Set
  • Soumu Workflow Koutsuhi Set
  • Soumu Workflow Koutsuhi Set (for Groupmax V6)

Impact

An attacker could access a web page bypassing authentication.
Solution

Please refer to the 'Vendor Information' section for official remediation and take appropriate action.
Vendor Information

Hitachi, Ltd
  • Hitachi Software Vulnerability Information : HS06-016
  • Hitachi Software Vulnerability Information : HS06-016-01
CWE (What is CWE?)

CVE (What is CVE?)

  1. CVE-2006-6705
References

  1. National Vulnerability Database (NVD) : CVE-2006-6705
  2. Secunia Advisory : SA23399
  3. SecurityFocus : 21709
  4. ISS X-Force Database : 31031
  5. FrSIRT Advisories : FrSIRT/ADV-2006-5114
Revision History

  • [2008/05/21]
      Web page published