ID

VAR-200605-0309


CVE

CVE-2006-2512


TITLE

ILF Hitachi EUR Unknown SQL Injection Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2006-3356 // CNNVD: CNNVD-200605-405

DESCRIPTION

SQL injection vulnerability in Hitachi EUR Professional Edition, EUR Viewer, EUR Print Service, and EUR Print Service for ILF allows remote authenticated users to execute arbitrary SQL commands via unknown attack vectors. Hitachi EUR is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful attack could allow an attacker to compromise the application, access or modify data, gain administrative access to the application, or exploit vulnerabilities in the underlying database implementation. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability has been reported in the following products:
* EUR Professional Edition version 05-00 through 05-06 (Windows).
* EUR Viewer version 05-00 through 05-06 (Windows).
(Windows). (Linux/AIX/HP-UX/Solaris).

Contact the vendor to obtain the fixed versions.

PROVIDED AND/OR DISCOVERED BY: Reported by vendor.

ORIGINAL ADVISORY: http://www.hitachi-support.com/security_e/vuls_e/HS06-010_e/index-e.html

Trust: 1.8

sources: NVD: CVE-2006-2512 // CNVD: CNVD-2006-3356 // BID: 18015 // PACKETSTORM: 46319

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2006-3356

AFFECTED PRODUCTS

vendor: hitachi, model: eur print service, scope: eq, version: 05_01

Trust: 1.6

vendor: hitachi, model: eur print service, scope: eq, version: 05_06

Trust: 1.6

vendor: hitachi, model: eur professional, scope: eq, version: 05_00

Trust: 1.6

vendor: hitachi, model: eur viewer, scope: eq, version: 05_00

Trust: 1.6

vendor: hitachi, model: eur professional, scope: eq, version: 05_06

Trust: 1.6

vendor: hitachi, model: eur viewer, scope: eq, version: 05_06

Trust: 1.6

vendor: hitachi, model: eur print service for ilf, scope: eq, version: 05_06

Trust: 1.6

vendor: eur, model: print service hitachi 05 01, scope: -, version: -

Trust: 0.6

vendor: eur, model: print service hitachi 05 06, scope: -, version: -

Trust: 0.6

vendor: eur, model: print service for ilf hitachi 05 06, scope: -, version: -

Trust: 0.6

vendor: eur, model: professional hitachi 05 06, scope: -, version: -

Trust: 0.6

vendor: eur, model: viewer hitachi 05 00, scope: -, version: -

Trust: 0.6

vendor: eur, model: viewer hitachi 05 06, scope: -, version: -

Trust: 0.6

vendor: eur, model: professional hitachi 05 00, scope: -, version: -

Trust: 0.6

vendor: hitachi, model: eur viewer, scope: eq, version: 05-06

Trust: 0.3

vendor: hitachi, model: eur viewer, scope: eq, version: 05-00

Trust: 0.3

vendor: hitachi, model: eur professional, scope: eq, version: 05-06

Trust: 0.3

vendor: hitachi, model: eur professional, scope: eq, version: 05-00

Trust: 0.3

vendor: hitachi, model: eur print service for ilf, scope: eq, version: 05-06

Trust: 0.3

vendor: hitachi, model: eur print service, scope: eq, version: 05-06

Trust: 0.3

vendor: hitachi, model: eur print service, scope: eq, version: 05-01

Trust: 0.3

vendor: hitachi, model: eur viewer 05-06-/a, scope: ne, version: -

Trust: 0.3

vendor: hitachi, model: eur professional 05-06-/a, scope: ne, version: -

Trust: 0.3

vendor: hitachi, model: eur print service 05-06-/a, scope: ne, version: -

Trust: 0.3

sources: CNVD: CNVD-2006-3356 // BID: 18015 // CNNVD: CNNVD-200605-405 // NVD: CVE-2006-2512

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-2512
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2006-3356
value: HIGH

Trust: 0.6

CNNVD: CNNVD-200605-405
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2006-2512
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2006-3356
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2006-3356 // CNNVD: CNNVD-200605-405 // NVD: CVE-2006-2512

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-2512

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200605-405

TYPE

sql injection

Trust: 0.7

sources: PACKETSTORM: 46319 // CNNVD: CNNVD-200605-405

EXTERNAL IDS

db: BID, id: 18015

Trust: 2.5

db: SECUNIA, id: 20106

Trust: 2.4

db: NVD, id: CVE-2006-2512

Trust: 2.2

db: HITACHI, id: HS06-010

Trust: 2.0

db: OSVDB, id: 25558

Trust: 1.6

db: VUPEN, id: ADV-2006-1841

Trust: 1.6

db: CNVD, id: CNVD-2006-3356

Trust: 0.6

db: XF, id: 26483

Trust: 0.6

db: CNNVD, id: CNNVD-200605-405

Trust: 0.6

db: PACKETSTORM, id: 46319

Trust: 0.1

sources: CNVD: CNVD-2006-3356 // BID: 18015 // PACKETSTORM: 46319 // CNNVD: CNNVD-200605-405 // NVD: CVE-2006-2512

REFERENCES

url:http://secunia.com/advisories/20106

Trust: 2.2

url:http://www.hitachi-support.com/security_e/vuls_e/hs06-010_e/index-e.html

Trust: 2.0

url:http://www.securityfocus.com/bid/18015

Trust: 1.6

url:http://www.osvdb.org/25558

Trust: 1.6

url:http://www.vupen.com/english/advisories/2006/1841

Trust: 1.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/26483

Trust: 1.0

url:http://xforce.iss.net/xforce/xfdb/26483

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2006/1841

Trust: 0.6

url:http://www.hitachi.com/

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/20106/

Trust: 0.1

url:http://secunia.com/product/9989/

Trust: 0.1

url:http://secunia.com/product/9988/

Trust: 0.1

url:http://secunia.com/product/9990/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: CNVD: CNVD-2006-3356 // BID: 18015 // PACKETSTORM: 46319 // CNNVD: CNNVD-200605-405 // NVD: CVE-2006-2512

CREDITS

Hitachi

Trust: 0.6

sources: CNNVD: CNNVD-200605-405

SOURCES

db: CNVD, id: CNVD-2006-3356
db: BID, id: 18015
db: PACKETSTORM, id: 46319
db: CNNVD, id: CNNVD-200605-405
db: NVD, id: CVE-2006-2512

LAST UPDATE DATE

2024-08-14T15:31:03.453000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2006-3356, date: 2006-05-22T00:00:00
db: BID, id: 18015, date: 2006-05-17T21:54:00
db: CNNVD, id: CNNVD-200605-405, date: 2006-05-23T00:00:00
db: NVD, id: CVE-2006-2512, date: 2017-07-20T01:31:32.867

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2006-3356, date: 2006-05-22T00:00:00
db: BID, id: 18015, date: 2006-05-17T00:00:00
db: PACKETSTORM, id: 46319, date: 2006-05-17T21:10:06
db: CNNVD, id: CNNVD-200605-405, date: 2006-05-22T00:00:00
db: NVD, id: CVE-2006-2512, date: 2006-05-22T21:06:00