JVNDB-2007-000699

JP1/NETM/DM Manager SQL Injection Vulnerability

Overview

JP1/NETM/DM Manager for Windows is vulnerable to SQL injection when a relational database is used as the JP1/NETM/DM database. This could allow attackers to execute arbitrary SQL commands and/or corrupt the database when the product receives a malformed request.
CVSS Severity

CVSS V2 Severity:
Base Metrics 7.5 (High) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial
Affected Products


Hitachi, Ltd
  • Groupmax Remote Installation Server Version 2.0
  • Groupmax Remote Installation Server Version 3
  • Job Management Partner 1/Software Distribution Manager (Chinese Version)
  • Job Management Partner 1/Software Distribution Manager (English Version)
  • Job Management Partner 1/Software Distribution Manager Embedded RDB Edition (Chinese Version)
  • Job Management Partner 1/Software Distribution Manager Embedded RDB Edition (English Version)
  • JP1/NETM/DM Manager
  • JP1/NETM/DM Manager Embedded RDB Edition
  • NETM/DM

Impact

An attacker could execute arbitrary SQL commands and violate database integrity.
Solution

Please refer to the 'Vendor Information' section for official remediation and take appropriate action.
Vendor Information

Hitachi, Ltd
  • Hitachi Software Vulnerability Information : HS07-019
CWE

CVE

  1. CVE-2007-3793
References

  1. National Vulnerability Database (NVD) : CVE-2007-3793
  2. Secunia Advisory : SA26052
  3. SecurityFocus : 24903
  4. ISS X-Force Database : 35386
  5. FrSIRT Advisories : FrSIRT/ADV-2007-2535
Revision History

  • [2008/05/21]
      Web page published