[Japanese]

JVNDB-2016-005655

Vulnerabilitie in JP1/IT Desktop Management 2 - Manager and JP1/NETM/DM

Overview

A Remote Command Execution Vulnerability was found in JP1/IT Desktop Management 2 - Manager and JP1/NETM/DM.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 9.8 (Critical) [Vendor Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
CVSS V2 Severity:
Base Metrics 10.0 (High) [Vendor Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Complete
  • Integrity Impact: Complete
  • Availability Impact: Complete
Affected Products


Hitachi, Ltd
  • Groupmax Remote Installation Client
  • Job Management Partner 1/IT Desktop Management 2 - Manager
  • Job Management Partner 1/Software Distribution Workstation
  • Job Management Partner 1/Software Distribution Client
  • Job Management Partner 1/Software Distribution Manager
  • Job Management Partner 1/Software Distribution Manager Embedded RDB Edition
  • Job Management Partner 1/Software Distribution SubManager
  • JP1/IT Desktop Management 2 - Additional License for Linux
  • JP1/IT Desktop Management 2 - Additional License for UNIX
  • JP1/IT Desktop Management 2 - Manager
  • JP1/NETM/DM Client
  • JP1/NETM/DM Client - Base
  • JP1/NETM/DM Client Light Edition
  • JP1/NETM/DM Manager
  • JP1/NETM/DM Manager Embedded RDB Edition
  • JP1/NETM/DM SubManager
  • JP1/NETM/DM/W
  • NETM/DM Client
  • NETM/DM light
  • NETM/DM/P
  • NETM/DM/W

Please refer to the 'Vendor Information' section for more details.
Impact

Remote attackers might exploit this vulnerability to execute arbitrary commands.
Solution

Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action.
Vendor Information

Hitachi, Ltd
  • Hitachi Software Vulnerability Information : HS16-028
CWE (What is CWE?)

  1. No Mapping(CWE-noinfo) [IPA Evaluation]
CVE (What is CVE?)

References

Revision History

  • [2016/11/10]
      Web page was published