[Japanese]

JVNDB-2010-001876

Denial of Service (DoS) Vulnerability in JP1/AJS Built-in Database

Overview

A Built-in database used by JP1/Automatic Job Management System 3 (JP1/AJS3) - Manager and JP1/Automatic Job Management System 2 (JP1/AJS2) - Manager contains a vulnerability that could cause a denial of service (DoS) condition when receiving unexpected data. As a result, Job operations of JP1/AJS3 (JP1/AJS2) will be suspended, where client operations from JP1/AJS3 (JP1/AJS2) - View will become unavailable or commands will not work on the Managers.

After the built-in database abends, the service can be restarted by rebooting JP1/AJS3 (JP1/AJS2) and the built-in database.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 5.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Partial
Affected Products


Hitachi, Ltd
  • Job Management Partner 1/Automatic Job Management System 2 - Manager(global version)
  • Job Management Partner 1/Automatic Job Management System 2 - Manager(Chinese version)
  • Job Management Partner 1/Automatic Job Management System 2 - Advanced Manager(global version)
  • Job Management Partner 1/Automatic Job Management System 3 - Manager(global version)
  • JP1/Automatic Job Management System 2 - Manager
  • JP1/Automatic Job Management System 2 - Database
  • JP1/Automatic Job Management System 3 - Manager

Impact

A remote attacker could cause a denial of service (DoS) condition.
Solution

Please refer to the 'Vendor Information' and 'References' section for the countermeasures and take appropriate action.
Vendor Information

Hitachi, Ltd
  • Hitachi Software Vulnerability Information : HS10-019
CWE (What is CWE?)

  1. No Mapping(CWE-noinfo) [IPA Evaluation]
CVE (What is CVE?)

References

Revision History

  • [2010/09/01]
      Web page published

Date Public2010/07/30
Date First Published2010/09/01
Date Last Updated2010/09/01