JVNDB-2011-000030

[Japanese]
JVNDB-2011-000030
iVIEW Suite vulnerable to SQL injection
Overview
iVIEW Suite from RADVISION contains a SQL injection vulnerability. iVIEW Suite provided by RADVISION is a software to manage video conference systems in SCOPIA. iVIEW Suite contains a SQL injection vulnerability. Hirofumi Oka of NRI SecureTechnologies,Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)
CVSS V2 Severity: Base Metrics 7.5 (High) [IPA Score] Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
Affected Products

RADVISION iVIEW Suite prior to v7.5

Impact
A remote attacker may view or alter the information on the system.
Solution
[Update the Software] Update to the latest version according to the information provided by the distributor.
Vendor Information
RADVISION RADVISION : Top Page RADVISION : iView Suite Technical Documentation
CWE (What is CWE?)
SQL Injection(CWE-89) [IPA Evaluation]
CVE (What is CVE?)
CVE-2011-1328
References
JVN : JVN#77697803 National Vulnerability Database (NVD) : CVE-2011-1328 IPA SECURITY ALERTS : Security Alert for Vulnerability in RADVISION iVIEW Suite
Revision History
[2011/05/19] Web page published

iVIEW Suite vulnerable to SQL injection