[Japanese]

JVNDB-2010-002011

JP1/NETM/Remote Control Agent Authentication Bypass Vulnerability

Overview

A vulnerability in the file transfer feature in the JP1/NETM/Remote Control Agent may allow authentication bypass.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 6.4 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products


Hitachi, Ltd
  • Job Management Partner 1/Remote Control Agent
  • Job Management Partner 1/Software Distribution Client
  • Job Management Partner 1/Software Distribution Manager
  • Job Management Partner 1/Software Distribution Manager Embedded RDB Edition
  • Job Management Partner 1/Software Distribution SubManager
  • JP1/NETM/DM Client Remote Control Feature
  • JP1/NETM/DM Client
  • JP1/NETM/DM Manager
  • JP1/NETM/DM Manager Embedded RDB Edition
  • JP1/NETM/DM SubManager
  • JP1/NETM/Remote Control Agent
  • JP1/NETM/Remote Control Agent for Blade PC
  • JP1/Remote Control Agent
  • JP1/Remote Control Set
  • JP1/ServerConductor/Agent

Impact

A remote attacker could manipulate arbitrary files on the system installed with the Remote Control Agent.
Solution

ease refer to the 'Vendor Information' section for the official countermeasure and take appropriate action.
Vendor Information

Hitachi, Ltd
  • Hitachi Software Vulnerability Information : HS10-025
CWE (What is CWE?)

  1. Improper Authentication(CWE-287) [IPA Evaluation]
CVE (What is CVE?)

References

Revision History

  • [2010/09/21]
      Web page published

Date Public2010/08/31
Date First Published2010/09/21
Date Last Updated2010/09/21