JVNDB-2017-007767

[Japanese]
JVNDB-2017-007767
Self-Decrypting Confidential Files created by JP1/HIBUN may insecurely load Dynamic Link Libraries
Overview
Self-decrypting confidential files created by JP1/HIBUN contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.
CVSS Severity (What is CVSS?)
CVSS V3 Severity: Base Metrics 7.8 (High) [Vendor Score] Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality Impact: High Integrity Impact: High Availability Impact: High CVSS V2 Severity: Base Metrics 6.8 (Medium) [Vendor Score] Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
Affected Products

Hitachi, Ltd JP1/Hibun Advanced Edition Development Kit - Encrypted File Distribution License JP1/Hibun Advanced Edition Development Kit HIBUN Confidential File Create Runtime JP1/Hibun Advanced Edition Development Kit Self-Decrypting Confidential File Create Runtime JP1/Hibun Advanced Edition Development Kit Server JP1/Hibun Advanced Edition File Encryption JP1/Hibun Advanced Edition Information Cypher JP1/Hibun Advanced Edition MailGuard JP1/Hibun Advanced Edition Optical Disc Encryption JP1/Hibun Data Encryption JP1/Hibun Data Encryption - Subscription Type JP1/Hibun Data Encryption - Subscription Type - 24 Hours Support
Please refer to Vendor Information for more details.
Impact
Regarding the impact of the vulnerability, please refer to the vendor advisory.
Solution
Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action.
Vendor Information
Hitachi, Ltd Hitachi : Hibun support 20170929 (in Japanese) Hitachi : HWS17-005 (in Japanese) Hitachi Incdent Response Team : HIRT-PUB17011 (in Japanese) Hitachi Software Vulnerability Information : hitachi-sec-2017-124
CWE (What is CWE?)
No Mapping(CWE-noinfo) [NVD Evaluation]
CVE (What is CVE?)

References
JVN : JVNTA#91240916
Revision History
[2017/10/03] Web page was published [2017/10/06] CVSS Severity was modified


Date Public	2017/09/29
Date First Published	2017/10/03
Date Last Updated	2017/10/06

Self-Decrypting Confidential Files created by JP1/HIBUN may insecurely load Dynamic Link Libraries