[Japanese]

JVNDB-2008-001613

Fujitsu Interstage Application Server Access Control Update Problem

Overview

Under certain conditions, the Single Sign-On function in the Fujitsu Interstage Application Server fails to properly update access control information.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 4.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products


FUJITSU
  • Interstage Application Framework Suite Enterprise Edition V6.0L10
  • Interstage Application Framework Suite Enterprise Edition V6.0L10B
  • Interstage Application Framework Suite Standard Edition V6.0L10
  • Interstage Application Framework Suite Standard Edition V6.0L10B
  • Interstage Application Framework Suite Standard Edition V7.0L10
  • Interstage Application Server Enterprise Edition V6.0L10
  • Interstage Application Server Enterprise Edition V6.0L10B
  • Interstage Application Server Standard Edition V6.0L10
  • Interstage Application Server Standard Edition V6.0L10B

Impact

Access control may not be properly implemented.
Solution

Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action.
Vendor Information

FUJITSU
CWE (What is CWE?)

  1. Configuration(CWE-16) [IPA Evaluation]
CVE (What is CVE?)

References

  1. JVN iPedia (Japanese) : JVNDB-2008-001613
Revision History

  • [2008/09/09]
      Web page published

Date Public2008/08/04
Date First Published2008/09/09
Date Last Updated2008/09/09