[Japanese]

JVNDB-2008-001910

Groupmax Collaboration - Schedule Mis-scheduling Problem: Unintended Members Included When Reservations are Made by Secretary

Overview

In the event a secretary makes a reservation using Groupmax Collaboration - Schedule, there might be a scheduling error that causes unintended members to also have the event included in their schedules.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 6.4 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products


Hitachi, Ltd
  • Groupmax Collaboration Portal
  • Groupmax Collaboration Web Client - Mail/Schedule
  • uCosminexus Collaboration Portal

Impact

There is a possibility that unintended members (one's self, superior, or facilities) have the event registered in their schedules.
Solution

Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action.
Vendor Information

Hitachi, Ltd
  • Hitachi Software Vulnerability Information : HS08-025
CWE (What is CWE?)

  1. No Mapping(CWE-noinfo) [IPA Evaluation]
CVE (What is CVE?)

References

  1. JVN iPedia (Japanese) : JVNDB-2008-001910
Revision History

  • [2008/12/05]
      Web page published

Date Public2008/10/31
Date First Published2008/12/05
Date Last Updated2008/12/05