[Japanese]

JVNDB-2007-000921

Groupmax Collaboration Schedule Information Disclosure Vulnerability

Overview

The Schedule component in Groupmax Collaboration contains an information disclosure vulnerability where non-disclosable information can be displayed on a schedule portlet.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 4.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: Single Instance
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None
Affected Products


Hitachi, Ltd
  • Groupmax Collaboration Portal
  • Groupmax Collaboration Web Client - Mail/Schedule
  • uCosminexus Collaboration Portal

Impact

Unintended information diasclosure could occur, which an attacker could exploit for further attack.
Solution

Please refer to the 'Vendor Information' section for official remediation and take appropriate action.
Vendor Information

Hitachi, Ltd
  • Hitachi Software Vulnerability Information : HS07-036
CWE (What is CWE?)

  1. No Mapping(CWE-noinfo) [NVD Evaluation]
CVE (What is CVE?)

  1. CVE-2007-5808
References

  1. National Vulnerability Database (NVD) : CVE-2007-5808
  2. Secunia Advisory : SA27451
  3. ISS X-Force Database : 38188
  4. FrSIRT Advisories : FrSIRT/ADV-2007-3667
Revision History

  • [2008/05/21]
      Web page published