[Japanese]

JVNDB-2009-001033

Multiple Vulnerabilities in uCosminexus Portal Framework

Overview

uCosminexus Portal Framework contains multiple vulnerabilities.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 6.4 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products


Hitachi, Ltd
  • Cosminexus Collaboration Portal
  • Cosminexus Collaboration Portal - Forum/File Sharing
  • Cosminexus Portal Framework
  • Cosminexus Portal Framework - Light
  • Groupmax Collaboration Portal
  • Groupmax Collaboration Web Client - Mail/Schedule
  • Groupmax Collaboration Web Client - Forum/File Sharing
  • JP1/Integrated Management - Service Support
  • uCosminexus Collaboration Portal
  • uCosminexus Collaboration Portal - Forum/File Sharing
  • uCosminexus Content Manager
  • uCosminexus Portal Framework
  • uCosminexus Portal Framework - Light
  • Electronic Form Workflow Set
  • Electronic Form Workflow Developer Set

Impact

A remote attacker could perform malicious acts, such as information leaking, identity spoofing and updating data with wrong values.
Solution

Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action.
Vendor Information

Hitachi, Ltd
  • Hitachi Software Vulnerability Information : HS09-005
CWE (What is CWE?)

  1. No Mapping(CWE-noinfo) [IPA Evaluation]
CVE (What is CVE?)

References

  1. JVN iPedia (Japanese) : JVNDB-2009-001033
Revision History

  • [2009/03/02]
      Web page published