[Japanese]

JVNDB-2011-000093

Multiple SKYARC System Co., Ltd. products fail to restrict access permissions

Overview

Multiple products provided by SKYARC System Co., Ltd. contain an issue where access permissions are not restricted.

MTCMS and multiple Movable Type plugins provided by SKYARC System Co., Ltd. contain an issue where access permissions are not restricted.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 4.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: Single Instance
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products


SKYARC System
  • AuthorEffective version 1.03 and earlier
  • AutoTagging version 0.08 and earlier
  • DuplicateEntry version 1.2 and earlier
  • EntryImExporter version 1.41 and earlier
  • MailPack version 1.741 and earlier
  • MTCMS version 5.251 and earlier
  • MTCMS Enterprise version 5.251 and earlier
  • MTCMS Smart version 5.251 and earlier
  • MultiFileUploader version 0.44 and earlier

Impact

A user without the appropriate privileges may alter settings and files.
Solution

[Apply an update]
Update to the latest version according to the information provided by the developer.
Vendor Information

SKYARC System
CWE (What is CWE?)

  1. Permissions(CWE-264) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2011-3993
References

  1. JVN : JVN#41032068
  2. National Vulnerability Database (NVD) : CVE-2011-3993
Revision History

  • [2011/10/31]
      Web page published
    [2011/11/08]
      Affected Products : Products was added
      Vendor Information : Contents was changed

Date Public2011/10/31
Date First Published2011/10/31
Date Last Updated2011/11/08