[Japanese]

JVNDB-2010-001395

Several EUR Form/EUR Products Arbitrary Code Execution Vulnerability

Overview

An arbitrary code execution vulnerability exists in several EUR Form and EUR products.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 10.0 (High) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Complete
  • Integrity Impact: Complete
  • Availability Impact: Complete
Affected Products


Hitachi, Ltd
  • EUR Form Client
  • EUR Form Service
  • EUR Professional Edition
  • EUR Professional Edition - Form Option
  • uCosminexus EUR Developer
  • uCosminexus EUR Form Control - Developer's Kit
  • uCosminexus EUR Form Control - Runtime
  • uCosminexus EUR Form Service
  • Electronic Form Workflow Standard Set
  • Electronic Form Workflow Professional Library Set
  • Electronic Form Workflow Developer Client Set
  • Electronic Form Workflow Set
  • Electronic Form Workflow Professional Set
  • Electronic Form Workflow Developer Set

Impact

A remote attacker could execute arbitrary code through the affected web pages.
Solution

Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action.
Vendor Information

Hitachi, Ltd
  • Hitachi Software Vulnerability Information : HS10-003
CWE (What is CWE?)

  1. No Mapping(CWE-noinfo) [IPA Evaluation]
CVE (What is CVE?)

References

Revision History

  • [2010/05/18]
      Web page published

Date Public2010/03/31
Date First Published2010/05/18
Date Last Updated2010/05/18