ID

VAR-200707-0285


CVE

CVE-2007-3793


TITLE

JP1/NETM/DM Manager SQL Injection Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2007-000699

DESCRIPTION

SQL injection vulnerability in Job Management Partner 1/NETM/DM (JP1/NETM/DM) Manager on Windows before 20070413 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Multiple Hitachi JP1/NETM/DM Manager products are prone to an SQL-injection vulnerability because the applications fail to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

----------------------------------------------------------------------

TITLE: Hitachi JP1/NETM/DM Manager SQL Injection Vulnerability

SECUNIA ADVISORY ID: SA26052

VERIFY ADVISORY: http://secunia.com/advisories/26052/

CRITICAL: Less critical

IMPACT: Manipulation of data

WHERE: From remote

SOFTWARE: Hitachi JP1/NETM/DM Manager http://secunia.com/product/14788/

DESCRIPTION: A vulnerability has been reported in Hitachi JP1/NETM/DM Manager, which can be exploited by malicious users to conduct SQL injection attacks. Unspecified input is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

SOLUTION: Update to the latest version (please see the vendor's advisory for details).

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: http://www.hitachi-support.com/security_e/vuls_e/HS07-019_e/index-e.html

Trust: 1.98

sources: NVD: CVE-2007-3793 // JVNDB: JVNDB-2007-000699 // BID: 24903 // PACKETSTORM: 57722

AFFECTED PRODUCTS

vendor: hitachi, model: jp1-netm-dm manager, scope: eq, version: *

Trust: 1.0

vendor: hitachi, model: groupmax remote installation server, scope: eq, version: version 2.0

Trust: 0.8

vendor: hitachi, model: groupmax remote installation server, scope: eq, version: version 3

Trust: 0.8

vendor: hitachi, model: job management partner 1/software distribution manager, scope: eq, version: (chinese version)

Trust: 0.8

vendor: hitachi, model: job management partner 1/software distribution manager, scope: eq, version: (english version)

Trust: 0.8

vendor: hitachi, model: job management partner 1/software distribution manager, scope: eq, version: embedded rdb edition (chinese version)

Trust: 0.8

vendor: hitachi, model: job management partner 1/software distribution manager, scope: eq, version: embedded rdb edition (english version)

Trust: 0.8

vendor: hitachi, model: jp1/netm/dm manager, scope: -, version: -

Trust: 0.8

vendor: hitachi, model: jp1/netm/dm manager, scope: eq, version: embedded rdb edition

Trust: 0.8

vendor: hitachi, model: netm/dm, scope: -, version: -

Trust: 0.8

vendor: hitachi, model: jp1-netm-dm manager, scope: eq, version: 06-00

Trust: 0.6

vendor: hitachi, model: jp1-netm-dm manager, scope: eq, version: 06-72-g

Trust: 0.6

vendor: hitachi, model: jp1-netm-dm manager, scope: eq, version: 07-00

Trust: 0.6

vendor: hitachi, model: jp1-netm-dm manager, scope: eq, version: 08-00

Trust: 0.6

vendor: hitachi, model: jp1-netm-dm manager, scope: eq, version: 05-24-e(*1)

Trust: 0.6

vendor: hitachi, model: jp1-netm-dm manager, scope: eq, version: 03-00

Trust: 0.6

vendor: hitachi, model: jp1-netm-dm manager, scope: eq, version: 07-53-09

Trust: 0.6

vendor: hitachi, model: jp1-netm-dm manager, scope: eq, version: 07-50

Trust: 0.6

vendor: hitachi, model: jp1-netm-dm manager, scope: eq, version: 08-10

Trust: 0.6

vendor: hitachi, model: jp1-netm-dm manager, scope: eq, version: 08-02-01

Trust: 0.6

vendor: hitachi, model: netm/dm 02-03-/f, scope: -, version: -

Trust: 0.3

vendor: hitachi, model: netm/dm, scope: eq, version: 02-00

Trust: 0.3

vendor: hitachi, model: jp1/netm/dm manager embedded rdb edition, scope: eq, version: 07-53-09

Trust: 0.3

vendor: hitachi, model: jp1/netm/dm manager embedded rdb edition, scope: eq, version: 07-00

Trust: 0.3

vendor: hitachi, model: jp1/netm/dm manager, scope: eq, version: 08-10

Trust: 0.3

vendor: hitachi, model: jp1/netm/dm manager, scope: eq, version: 08-02-01

Trust: 0.3

vendor: hitachi, model: jp1/netm/dm manager, scope: eq, version: 08-00

Trust: 0.3

vendor: hitachi, model: jp1/netm/dm manager, scope: eq, version: 07-53-09

Trust: 0.3

vendor: hitachi, model: jp1/netm/dm manager, scope: eq, version: 07-50

Trust: 0.3

vendor: hitachi, model: jp1/netm/dm manager, scope: eq, version: 07-00

Trust: 0.3

vendor: hitachi, model: jp1/netm/dm manager 06-72-/g, scope: -, version: -

Trust: 0.3

vendor: hitachi, model: jp1/netm/dm manager, scope: eq, version: 06-00

Trust: 0.3

vendor: hitachi, model: jp1/netm/dm manager 05-24-/e, scope: -, version: -

Trust: 0.3

vendor: hitachi, model: jp1/netm/dm manager, scope: eq, version: 03-00

Trust: 0.3

vendor: hitachi, model: jp1/netm/asset information manager smart edition 01-00-/a, scope: -, version: -

Trust: 0.3

vendor: hitachi, model: jp1/netm/asset information manager smart edition, scope: eq, version: 01-00

Trust: 0.3

sources: BID: 24903 // JVNDB: JVNDB-2007-000699 // CNNVD: CNNVD-200707-263 // NVD: CVE-2007-3793

CVSS

SEVERITY

nvd@nist.gov: CVE-2007-3793
value: HIGH

Trust: 1.0

IPA: JVNDB-2007-000699
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200707-263
value: HIGH

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2007-3793
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2007-000699
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

sources: JVNDB: JVNDB-2007-000699 // CNNVD: CNNVD-200707-263 // NVD: CVE-2007-3793

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-3793

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200707-263

TYPE

sql injection

Trust: 0.7

sources: PACKETSTORM: 57722 // CNNVD: CNNVD-200707-263

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-000699

PATCH

title: HS07-019, url: http://www.hitachi-support.com/security_e/vuls_e/HS07-019_e/index-e.html

Trust: 0.8

sources: JVNDB: JVNDB-2007-000699

EXTERNAL IDS

db: NVD, id: CVE-2007-3793

Trust: 2.7

db: BID, id: 24903

Trust: 2.7

db: SECUNIA, id: 26052

Trust: 2.6

db: HITACHI, id: HS07-019

Trust: 2.0

db: VUPEN, id: ADV-2007-2535

Trust: 1.6

db: OSVDB, id: 37014

Trust: 1.6

db: XF, id: 35386

Trust: 1.4

db: JVNDB, id: JVNDB-2007-000699

Trust: 0.8

db: XF, id: 1

Trust: 0.6

db: CNNVD, id: CNNVD-200707-263

Trust: 0.6

db: PACKETSTORM, id: 57722

Trust: 0.1

sources: BID: 24903 // JVNDB: JVNDB-2007-000699 // PACKETSTORM: 57722 // CNNVD: CNNVD-200707-263 // NVD: CVE-2007-3793

REFERENCES

url:http://secunia.com/advisories/26052

Trust: 2.4

url:http://www.securityfocus.com/bid/24903

Trust: 2.4

url:http://www.hitachi-support.com/security_e/vuls_e/hs07-019_e/index-e.html

Trust: 2.0

url:http://osvdb.org/37014

Trust: 1.6

url:http://www.frsirt.com/english/advisories/2007/2535

Trust: 1.4

url:http://xforce.iss.net/xforce/xfdb/35386

Trust: 1.4

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/35386

Trust: 1.0

url:http://www.vupen.com/english/advisories/2007/2535

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3793

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-3793

Trust: 0.8

url:http://www.hitachi.com/

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/network_software_inspector/

Trust: 0.1

url:http://secunia.com/advisories/26052/

Trust: 0.1

url:http://secunia.com/product/14788/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: BID: 24903 // JVNDB: JVNDB-2007-000699 // PACKETSTORM: 57722 // CNNVD: CNNVD-200707-263 // NVD: CVE-2007-3793

CREDITS

The vendor reported this issue.

Trust: 0.9

sources: BID: 24903 // CNNVD: CNNVD-200707-263

SOURCES

db: BID, id: 24903
db: JVNDB, id: JVNDB-2007-000699
db: PACKETSTORM, id: 57722
db: CNNVD, id: CNNVD-200707-263
db: NVD, id: CVE-2007-3793

LAST UPDATE DATE

2024-11-23T20:31:18.807000+00:00


SOURCES UPDATE DATE

db: BID, id: 24903, date: 2015-05-07T17:37:00
db: JVNDB, id: JVNDB-2007-000699, date: 2008-05-21T00:00:00
db: CNNVD, id: CNNVD-200707-263, date: 2007-07-17T00:00:00
db: NVD, id: CVE-2007-3793, date: 2024-11-21T00:34:04.780

SOURCES RELEASE DATE

db: BID, id: 24903, date: 2007-07-13T00:00:00
db: JVNDB, id: JVNDB-2007-000699, date: 2008-05-21T00:00:00
db: PACKETSTORM, id: 57722, date: 2007-07-13T21:43:57
db: CNNVD, id: CNNVD-200707-263, date: 2007-07-15T00:00:00
db: NVD, id: CVE-2007-3793, date: 2007-07-15T23:30:00