[Japanese]

JVNDB-2010-001204

Accela BizSearch Access Control Bypass Vulnerability

Overview

The local file seraching function in IntelligentSearch and Accela
BizSearch is prone to an access control bypass vulnerability.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 5.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None
Affected Products


Accela Technology
  • Accela BizSearch
  • eAccela BizSearch
FUJITSU
  • IntelligentSearch

Impact

Users without permission can access restricted files on the
local Windows machine via the BizSearch search results.
Solution

Please refer to the 'Vendor Information' section for the official
countermeasure and take appropriate action.
Vendor Information

Accela Technology
  • Accela Technology Corporation : Top Page (Japanese)
FUJITSU
CWE (What is CWE?)

  1. Information Exposure(CWE-200) [IPA Evaluation]
CVE (What is CVE?)

References

Revision History

  • [2010/04/09]
      Web page published

Date Public2010/03/10
Date First Published2010/04/09
Date Last Updated2010/04/09