ID

VAR-200703-0432


CVE

CVE-2007-1786


TITLE

SQL injection vulnerability in Hitachi Collaboration - Online Community Management, used in products such as Groupmax

Trust: 0.8

sources: JVNDB: JVNDB-2007-003613

DESCRIPTION

SQL injection vulnerability in Hitachi Collaboration - Online Community Management 01-00 through 01-30, as used in Groupmax Collaboration Portal, Groupmax Collaboration Web Client, uCosminexus Collaboration Portal, Cosminexus Collaboration Portal, and uCosminexus Content Manager, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Multiple Hitachi products are prone to an SQL-injection vulnerability because the applications fail to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Please see the vendor's advisory for a list of affected products and versions.

SOLUTION: Please see the vendor's advisory for fix information.

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: Hitachi: http://www.hitachi-support.com/security_e/vuls_e/HS07-008_e/index-e.html

Trust: 1.98

sources: NVD: CVE-2007-1786 // JVNDB: JVNDB-2007-003613 // BID: 23208 // PACKETSTORM: 55483

AFFECTED PRODUCTS

vendor: hitachi model: cosminexus collaboration portal scope: - version: -

Trust: 1.4

vendor: hitachi model: groupmax collaboration portal scope: - version: -

Trust: 1.4

vendor: hitachi model: groupmax collaboration web client scope: - version: -

Trust: 1.4

vendor: hitachi model: ucosminexus collaboration portal scope: - version: -

Trust: 1.4

vendor: hitachi model: ucosminexus content manager scope: - version: -

Trust: 1.4

vendor: hitachi model: cosminexus collaboration portal scope: eq version: *

Trust: 1.0

vendor: hitachi model: groupmax collaboration web client scope: eq version: *

Trust: 1.0

vendor: hitachi model: ucosminexus collaboration portal scope: eq version: *

Trust: 1.0

vendor: hitachi model: groupmax collaboration portal scope: eq version: *

Trust: 1.0

vendor: hitachi model: ucosminexus content manager scope: eq version: *

Trust: 1.0

vendor: hitachi model: ucosminexus content manager scope: eq version: 1-00

Trust: 0.3

vendor: hitachi model: ucosminexus collaboration portal forum/file share scope: eq version: 6-30

Trust: 0.3

vendor: hitachi model: ucosminexus collaboration portal forum/file share 6-20-/d scope: - version: -

Trust: 0.3

vendor: hitachi model: ucosminexus collaboration portal forum/file share scope: eq version: 6-20

Trust: 0.3

vendor: hitachi model: ucosminexus collaboration portal 6-30-/c scope: - version: -

Trust: 0.3

vendor: hitachi model: ucosminexus collaboration portal scope: eq version: 6-30

Trust: 0.3

vendor: hitachi model: ucosminexus collaboration portal 6-20-/e scope: - version: -

Trust: 0.3

vendor: hitachi model: ucosminexus collaboration portal scope: eq version: 6-20

Trust: 0.3

vendor: hitachi model: groupmax collaboration web client forum/file share 7-30-/b scope: - version: -

Trust: 0.3

vendor: hitachi model: groupmax collaboration web client forum/file share scope: eq version: 7-30

Trust: 0.3

vendor: hitachi model: groupmax collaboration web client forum/file share 7-20-/d scope: - version: -

Trust: 0.3

vendor: hitachi model: groupmax collaboration web client forum/file share scope: eq version: 7-20

Trust: 0.3

vendor: hitachi model: groupmax collaboration web client forum/file share 7-10-/c scope: - version: -

Trust: 0.3

vendor: hitachi model: groupmax collaboration web client forum/file share scope: eq version: 7-10

Trust: 0.3

vendor: hitachi model: groupmax collaboration web client forum/file share 7-00-/a scope: - version: -

Trust: 0.3

vendor: hitachi model: groupmax collaboration web client forum/file share scope: eq version: 7-00

Trust: 0.3

vendor: hitachi model: groupmax collaboration web client mail/schedule 7-30-/c scope: eq version: -

Trust: 0.3

vendor: hitachi model: groupmax collaboration web client mail/schedule scope: eq version: -7-30

Trust: 0.3

vendor: hitachi model: groupmax collaboration web client mail/schedule 7-20-/c scope: eq version: -

Trust: 0.3

vendor: hitachi model: groupmax collaboration web client mail/schedule scope: eq version: -7-20

Trust: 0.3

vendor: hitachi model: groupmax collaboration portal 7-30-/c scope: - version: -

Trust: 0.3

vendor: hitachi model: groupmax collaboration portal scope: eq version: 7-30

Trust: 0.3

vendor: hitachi model: groupmax collaboration portal 7-20-/e scope: - version: -

Trust: 0.3

vendor: hitachi model: groupmax collaboration portal scope: eq version: 7-20

Trust: 0.3

vendor: hitachi model: groupmax collaboration portal 7-10-/d scope: - version: -

Trust: 0.3

vendor: hitachi model: groupmax collaboration portal scope: eq version: 7-10

Trust: 0.3

vendor: hitachi model: groupmax collaboration portal 7-00-/a scope: - version: -

Trust: 0.3

vendor: hitachi model: groupmax collaboration portal scope: eq version: 7-00

Trust: 0.3

vendor: hitachi model: cosminexus collaboration portal forum/file share 6-10-/c scope: - version: -

Trust: 0.3

vendor: hitachi model: cosminexus collaboration portal forum/file share scope: eq version: 6-10

Trust: 0.3

vendor: hitachi model: cosminexus collaboration portal forum/file share 6-00-/a scope: - version: -

Trust: 0.3

vendor: hitachi model: cosminexus collaboration portal forum/file share scope: eq version: 6-00

Trust: 0.3

vendor: hitachi model: cosminexus collaboration portal 6-10-/d scope: - version: -

Trust: 0.3

vendor: hitachi model: cosminexus collaboration portal scope: eq version: 6-10

Trust: 0.3

vendor: hitachi model: cosminexus collaboration portal 6-00-/a scope: - version: -

Trust: 0.3

vendor: hitachi model: cosminexus collaboration portal scope: eq version: 6-00

Trust: 0.3

sources: BID: 23208 // JVNDB: JVNDB-2007-003613 // CNNVD: CNNVD-200703-701 // NVD: CVE-2007-1786

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-1786
value: MEDIUM

Trust: 1.0

NVD: CVE-2007-1786
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200703-701
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2007-1786
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2007-003613 // CNNVD: CNNVD-200703-701 // NVD: CVE-2007-1786

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-1786

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200703-701

TYPE

sql injection

Trust: 0.7

sources: PACKETSTORM: 55483 // CNNVD: CNNVD-200703-701

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-003613

PATCH

title: HS07-008 url: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS07-008/index.html

Trust: 0.8

sources: JVNDB: JVNDB-2007-003613

EXTERNAL IDS

db: NVD id: CVE-2007-1786

Trust: 2.4

db: HITACHI id: HS07-008

Trust: 2.0

db: BID id: 23208

Trust: 1.9

db: SECUNIA id: 24693

Trust: 1.8

db: VUPEN id: ADV-2007-1168

Trust: 1.6

db: OSVDB id: 34544

Trust: 1.6

db: JVNDB id: JVNDB-2007-003613

Trust: 0.8

db: XF id: 33348

Trust: 0.6

db: CNNVD id: CNNVD-200703-701

Trust: 0.6

db: PACKETSTORM id: 55483

Trust: 0.1

sources: BID: 23208 // JVNDB: JVNDB-2007-003613 // PACKETSTORM: 55483 // CNNVD: CNNVD-200703-701 // NVD: CVE-2007-1786

REFERENCES

url:http://www.hitachi-support.com/security_e/vuls_e/hs07-008_e/index-e.html

Trust: 2.0

url:http://secunia.com/advisories/24693

Trust: 1.6

url:http://osvdb.org/34544

Trust: 1.6

url:http://www.securityfocus.com/bid/23208

Trust: 1.6

url:http://www.vupen.com/english/advisories/2007/1168

Trust: 1.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/33348

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1786

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-1786

Trust: 0.8

url:http://www.frsirt.com/english/advisories/2007/1168

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/33348

Trust: 0.6

url:http://www.hitachi.co.jp/prod/comp/soft1/global/prod/cosminexus/sol/epf/port_view.html

Trust: 0.3

url:http://www.hitachi.com/

Trust: 0.3

url:http://secunia.com/product/10832/

Trust: 0.1

url:http://secunia.com/product/10834/

Trust: 0.1

url:http://secunia.com/advisories/24693/

Trust: 0.1

url:http://secunia.com/product/10835/

Trust: 0.1

url:http://secunia.com/product/6161/

Trust: 0.1

url:http://secunia.com/product/10833/

Trust: 0.1

sources: BID: 23208 // JVNDB: JVNDB-2007-003613 // PACKETSTORM: 55483 // CNNVD: CNNVD-200703-701 // NVD: CVE-2007-1786

CREDITS

The vendor reported this issue.

Trust: 0.9

sources: BID: 23208 // CNNVD: CNNVD-200703-701

SOURCES

db: BID id: 23208
db: JVNDB id: JVNDB-2007-003613
db: PACKETSTORM id: 55483
db: CNNVD id: CNNVD-200703-701
db: NVD id: CVE-2007-1786

LAST UPDATE DATE

2024-11-23T22:15:02.938000+00:00


SOURCES UPDATE DATE

db: BID id: 23208 date: 2007-03-30T16:43:00
db: JVNDB id: JVNDB-2007-003613 date: 2012-09-25T00:00:00
db: CNNVD id: CNNVD-200703-701 date: 2007-04-03T00:00:00
db: NVD id: CVE-2007-1786 date: 2024-11-21T00:29:09.383

SOURCES RELEASE DATE

db: BID id: 23208 date: 2007-03-30T00:00:00
db: JVNDB id: JVNDB-2007-003613 date: 2012-09-25T00:00:00
db: PACKETSTORM id: 55483 date: 2007-04-02T02:42:23
db: CNNVD id: CNNVD-200703-701 date: 2007-03-31T00:00:00
db: NVD id: CVE-2007-1786 date: 2007-03-31T10:19:00