[Japanese]

JVNDB-2009-001087

Fujitsu Enhanced Support Facility HRM-S Hardware/Software Information Disclosure Vulnerability

Overview

A vulnerability exists in the HRM-S of Fujitsu Enhanced Support
Facility that allows the issue of hardware and software information
requests by remote unauthenticated users.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 5.0 (Medium) [NVD Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None
Affected Products


FUJITSU
  • Enhanced Support Facility 3.0
  • Enhanced Support Facility 3.0.1

Impact

A remote attacker could obtain the hardware and software configuration
information on the vulnerable system.
Solution

Please refer to the 'Vendor Information' section for the official
countermeasure and take appropriate action.
Vendor Information

FUJITSU
CWE (What is CWE?)

  1. Information Exposure(CWE-200) [NVD Evaluation]
CVE (What is CVE?)

  1. CVE-2009-0867
References

  1. National Vulnerability Database (NVD) : CVE-2009-0867
  2. Secunia Advisory : SA33974
  3. ISS X-Force Database : 48817
  4. JVN iPedia (Japanese) : JVNDB-2009-001087
Revision History

  • [2009/03/24]
      Web page published

Date Public2009/02/19
Date First Published2009/03/24
Date Last Updated2009/03/24