[Japanese] | |
JVNDB-2023-000052 | |
DataSpider Servista uses a hard-coded cryptographic key | |
Overview | |
DataSpider Servista provided by SAISON INFORMATION SYSTEMS CO.,LTD. is a data integration software. ScriptRunner and ScriptRunner for Amazon SQS are used to start the configured processes on DataSpider Servista. | |
CVSS Severity (What is CVSS?) | |
CVSS V3 Severity:
Base Metrics 5.3 (Medium) [IPA Score]
CVSS V2 Severity:
Base Metrics 5.0 (Medium) [IPA Score]
| |
Affected Products | |
| |
SAISON INFORMATION SYSTEMS CO.,LTD. | |
The developer states that some of DataSpider Servista's OEM products are affected by this vulnerability. For information on the affected products and the versions, refer to the vendors' advisories from "Vendor Status" of this JVN advisory. | |
Impact | |
An attacker, who can gain access to a target DataSpider Servista instance and obtain a Launch Settings file of ScriptRunner and/or ScriptRunner for Amazon SQS, may perform operations using the user privilege encrypted in the file. | |
Solution | |
[Apply the patch and follow the additional procedure] | |
Vendor Information | |
WingArc1st Inc. | |
CWE (What is CWE?) | |
| |
CVE (What is CVE?) | |
| |
References | |
| |
Revision History | |
|
Date Public | 2023/05/31 |
Date First Published | 2023/05/31 |
Date Last Updated | 2024/03/19 |