Sign-up

ID

VAR-200711-0033


CVE

CVE-2007-5808


TITLE

Hitachi Collaboration Portal Schedule Component Information Disclosure Vulnerability

Trust: 0.9

sources: BID: 26272 // CNNVD: CNNVD-200711-036

DESCRIPTION

Unspecified vulnerability in the Groupmax Collaboration - Schedule component in Hitachi Groupmax Collaboration Portal 07-30 through 07-30-/F and 07-32 through 07-32-/C, uCosminexus Collaboration Portal 06-30 through 06-30-/F and 06-32 through 06-32-/C, and Groupmax Collaboration Web Client - Mail/Schedule 07-30 through 07-30-/F and 07-32 through 07-32-/B might allow remote attackers to obtain sensitive information via unspecified vectors related to schedule portlets. The Schedule component in Groupmax Collaboration contains an information disclosure vulnerability where non-disclosable information can be displayed on a schedule portlet.Unintended information diasclosure could occur, which an attacker could exploit for further attack. Attackers can exploit this issue to access potentially sensitive information that could aid in further attacks. ---------------------------------------------------------------------- 2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published How do you know which Secunia advisories are important to you? The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively. Please see vendor advisory for affected products and versions. SOLUTION: Update to the latest versions (please see vendor advisory for details). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.hitachi-support.com/security_e/vuls_e/HS07-036_e/index-e.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.98

sources: NVD: CVE-2007-5808 // JVNDB: JVNDB-2007-000921 // BID: 26272 // PACKETSTORM: 60575

AFFECTED PRODUCTS

vendor:hitachimodel:groupmax collaboration portalscope:eqversion:07_30_f

Trust: 1.6

vendor:hitachimodel:groupmax collaboration portalscope:eqversion:07_30_e

Trust: 1.6

vendor:hitachimodel:groupmax collaboration portalscope:eqversion:07_32_b

Trust: 1.6

vendor:hitachimodel:ucosminexus collaboration portalscope:eqversion:06_30_c

Trust: 1.6

vendor:hitachimodel:groupmax collaboration portalscope:eqversion:07_30_c

Trust: 1.6

vendor:hitachimodel:ucosminexus collaboration portalscope:eqversion:06_30

Trust: 1.6

vendor:hitachimodel:groupmax collaboration portalscope:eqversion:07_30_d

Trust: 1.6

vendor:hitachimodel:groupmax collaboration portalscope:eqversion:07_30

Trust: 1.6

vendor:hitachimodel:ucosminexus collaboration portalscope:eqversion:06_30_b

Trust: 1.6

vendor:hitachimodel:groupmax collaboration portalscope:eqversion:07_32

Trust: 1.6

vendor:hitachimodel:ucosminexus collaboration portalscope:eqversion:06_32

Trust: 1.0

vendor:hitachimodel:ucosminexus collaboration portalscope:eqversion:06_32_c

Trust: 1.0

vendor:hitachimodel:groupmax collaboration portalscope:eqversion:07_32_c

Trust: 1.0

vendor:hitachimodel:groupmax collaboration web clientscope:eqversion:07_30

Trust: 1.0

vendor:hitachimodel:groupmax collaboration web clientscope:eqversion:07_32_b

Trust: 1.0

vendor:hitachimodel:ucosminexus collaboration portalscope:eqversion:06_30_f

Trust: 1.0

vendor:hitachimodel:groupmax collaboration web clientscope:eqversion:07_32

Trust: 1.0

vendor:hitachimodel:groupmax collaboration web clientscope:eqversion:07_30_d

Trust: 1.0

vendor:hitachimodel:groupmax collaboration web clientscope:eqversion:07_30_c

Trust: 1.0

vendor:hitachimodel:groupmax collaboration web clientscope:eqversion:07_30_f

Trust: 1.0

vendor:hitachimodel:ucosminexus collaboration portalscope:eqversion:06_32_b

Trust: 1.0

vendor:hitachimodel:groupmax collaboration web clientscope:eqversion:07_30_e

Trust: 1.0

vendor:hitachimodel:ucosminexus collaboration portalscope:eqversion:06_30_d

Trust: 1.0

vendor:hitachimodel:ucosminexus collaboration portalscope:eqversion:06_30_e

Trust: 1.0

vendor:hitachimodel:groupmax collaboration portalscope:eqversion:07_30_b

Trust: 1.0

vendor:hitachimodel:groupmax collaboration web clientscope:eqversion:07_30_b

Trust: 1.0

vendor:hitachimodel:groupmax collaboration portalscope: - version: -

Trust: 0.8

vendor:hitachimodel:groupmax collaboration web client - mail/schedulescope: - version: -

Trust: 0.8

vendor:hitachimodel:ucosminexus collaboration portalscope: - version: -

Trust: 0.8

vendor:hitachimodel:ucosminexus collaboration portal 6-32-/cscope: - version: -

Trust: 0.3

vendor:hitachimodel:ucosminexus collaboration portal 6-32-/bscope: - version: -

Trust: 0.3

vendor:hitachimodel:ucosminexus collaboration portal 6-32-/ascope: - version: -

Trust: 0.3

vendor:hitachimodel:ucosminexus collaboration portalscope:eqversion:6-32

Trust: 0.3

vendor:hitachimodel:ucosminexus collaboration portal 6-30-/fscope: - version: -

Trust: 0.3

vendor:hitachimodel:ucosminexus collaboration portal 6-30-/escope: - version: -

Trust: 0.3

vendor:hitachimodel:ucosminexus collaboration portal 6-30-/dscope: - version: -

Trust: 0.3

vendor:hitachimodel:ucosminexus collaboration portal 6-30-/cscope: - version: -

Trust: 0.3

vendor:hitachimodel:ucosminexus collaboration portal 6-30-/bscope: - version: -

Trust: 0.3

vendor:hitachimodel:ucosminexus collaboration portal 6-30-/ascope: - version: -

Trust: 0.3

vendor:hitachimodel:ucosminexus collaboration portalscope:eqversion:6-30

Trust: 0.3

vendor:hitachimodel:groupmax collaboration web client mail/schedule 7-32-/cscope:eqversion: -

Trust: 0.3

vendor:hitachimodel:groupmax collaboration web client mail/schedule 7-32-/bscope:eqversion: -

Trust: 0.3

vendor:hitachimodel:groupmax collaboration web client mail/schedule 7-32-/ascope:eqversion: -

Trust: 0.3

vendor:hitachimodel:groupmax collaboration web client mail/schedulescope:eqversion:-7-32

Trust: 0.3

vendor:hitachimodel:groupmax collaboration web client mail/schedule 7-30-/fscope:eqversion: -

Trust: 0.3

vendor:hitachimodel:groupmax collaboration web client mail/schedule 7-30-/escope:eqversion: -

Trust: 0.3

vendor:hitachimodel:groupmax collaboration web client mail/schedule 7-30-/cscope:eqversion: -

Trust: 0.3

vendor:hitachimodel:groupmax collaboration web client mail/schedule 7-30-/bscope:eqversion: -

Trust: 0.3

vendor:hitachimodel:groupmax collaboration web client mail/schedule 7-30-/ascope:eqversion: -

Trust: 0.3

vendor:hitachimodel:groupmax collaboration web client mail/schedulescope:eqversion:-7-30

Trust: 0.3

vendor:hitachimodel:groupmax collaboration portal 7-32-/cscope: - version: -

Trust: 0.3

vendor:hitachimodel:groupmax collaboration portal 7-32-/bscope: - version: -

Trust: 0.3

vendor:hitachimodel:groupmax collaboration portal 7-32-/ascope: - version: -

Trust: 0.3

vendor:hitachimodel:groupmax collaboration portalscope:eqversion:7-32

Trust: 0.3

vendor:hitachimodel:groupmax collaboration portal 7-30-/fscope: - version: -

Trust: 0.3

vendor:hitachimodel:groupmax collaboration portal 7-30-/escope: - version: -

Trust: 0.3

vendor:hitachimodel:groupmax collaboration portal 7-30-/dscope: - version: -

Trust: 0.3

vendor:hitachimodel:groupmax collaboration portal 7-30-/cscope: - version: -

Trust: 0.3

vendor:hitachimodel:groupmax collaboration portal 7-30-/bscope: - version: -

Trust: 0.3

vendor:hitachimodel:groupmax collaboration portal 7-30-/ascope: - version: -

Trust: 0.3

vendor:hitachimodel:groupmax collaboration portalscope:eqversion:7-30

Trust: 0.3

vendor:hitachimodel:ucosminexus collaboration portal 6-32-/dscope:neversion: -

Trust: 0.3

vendor:hitachimodel:ucosminexus collaboration portal 6-30-/gscope:neversion: -

Trust: 0.3

vendor:hitachimodel:groupmax collaboration web client mail/schedule 7-32-/dscope:neversion: -

Trust: 0.3

vendor:hitachimodel:groupmax collaboration web client mail/schedule 7-30-/gscope:neversion: -

Trust: 0.3

vendor:hitachimodel:groupmax collaboration portal 7-32-/dscope:neversion: -

Trust: 0.3

vendor:hitachimodel:groupmax collaboration portal 7-30-/gscope:neversion: -

Trust: 0.3

sources: BID: 26272 // JVNDB: JVNDB-2007-000921 // CNNVD: CNNVD-200711-036 // NVD: CVE-2007-5808

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-5808
value: MEDIUM

Trust: 1.0

IPA: JVNDB-2007-000921
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200711-036
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2007-5808
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2007-000921
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

sources: JVNDB: JVNDB-2007-000921 // CNNVD: CNNVD-200711-036 // NVD: CVE-2007-5808

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2007-5808

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200711-036

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200711-036

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2007-000921

PATCH
title:HS07-036url:http://www.hitachi-support.com/security_e/vuls_e/HS07-036_e/index-e.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2007-000921

EXTERNAL IDS
db:NVDid:CVE-2007-5808
Trust: 2.7
db:SECUNIAid:27451
Trust: 2.6
db:HITACHIid:HS07-036
Trust: 2.0
db:BIDid:26272
Trust: 1.9
db:OSVDBid:42025
Trust: 1.6
db:VUPENid:ADV-2007-3667
Trust: 1.6
db:XFid:38188
Trust: 1.4
db:JVNDBid:JVNDB-2007-000921
Trust: 0.8
db:CNNVDid:CNNVD-200711-036
Trust: 0.6
db:PACKETSTORMid:60575
Trust: 0.1
sources:
            
            
            BID: 26272 // 
            
            
            
            JVNDB: JVNDB-2007-000921 // 
            
            
            
            PACKETSTORM: 60575 // 
            
            
            
            CNNVD: CNNVD-200711-036 // 
            
            
            
            NVD: CVE-2007-5808

REFERENCES
url:http://secunia.com/advisories/27451
Trust: 2.4
url:http://www.hitachi-support.com/security_e/vuls_e/hs07-036_e/index-e.html
Trust: 2.0
url:http://osvdb.org/42025
Trust: 1.6
url:http://www.securityfocus.com/bid/26272
Trust: 1.6
url:http://www.frsirt.com/english/advisories/2007/3667
Trust: 1.4
url:http://xforce.iss.net/xforce/xfdb/38188
Trust: 1.4
url:http://www.vupen.com/english/advisories/2007/3667
Trust: 1.0
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/38188
Trust: 1.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5808
Trust: 0.8
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-5808
Trust: 0.8
url:http://www.hds.com/products/storage-software/hitachi-device-manager.html
Trust: 0.3
url:http://secunia.com/advisories/27451/
Trust: 0.1
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv
Trust: 0.1
url:http://secunia.com/product/10834/
Trust: 0.1
url:http://secunia.com/product/6162/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/product/6161/
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
url:http://secunia.com/product/10833/
Trust: 0.1
sources:
            
            
            BID: 26272 // 
            
            
            
            JVNDB: JVNDB-2007-000921 // 
            
            
            
            PACKETSTORM: 60575 // 
            
            
            
            CNNVD: CNNVD-200711-036 // 
            
            
            
            NVD: CVE-2007-5808

CREDITS
The vendor disclosed this issue.
Trust: 0.9
sources:
            
            
            BID: 26272 // 
            
            
            
            CNNVD: CNNVD-200711-036

SOURCES
db:BIDid:26272
db:JVNDBid:JVNDB-2007-000921
db:PACKETSTORMid:60575
db:CNNVDid:CNNVD-200711-036
db:NVDid:CVE-2007-5808

LAST UPDATE DATE
2024-08-14T13:59:44.698000+00:00

SOURCES UPDATE DATE
db:BIDid:26272date:2007-11-15T00:38:00
db:JVNDBid:JVNDB-2007-000921date:2008-05-21T00:00:00
db:CNNVDid:CNNVD-200711-036date:2007-11-06T00:00:00
db:NVDid:CVE-2007-5808date:2017-07-29T01:33:53.100

SOURCES RELEASE DATE
db:BIDid:26272date:2007-10-31T00:00:00
db:JVNDBid:JVNDB-2007-000921date:2008-05-21T00:00:00
db:PACKETSTORMid:60575date:2007-11-01T00:05:32
db:CNNVDid:CNNVD-200711-036date:2007-11-05T00:00:00
db:NVDid:CVE-2007-5808date:2007-11-05T17:46:00