Hitachi Soumu Workflow Multiple Unspecified SQL Injection Vulnerabilities

Bugtraq ID:	21704
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Dec 21 2006 12:00AM
Updated:	Dec 21 2006 12:00AM
Credit:	The vendor reported these vulnerabilities.
Vulnerable:	Hitachi Soumu Workflow For Groupmax 1.0 Hitachi Soumu Workflow 3.0 Hitachi Soumu Workflow 2.0 Hitachi Koukyoumuke Soumu Workflow 1.0
Not Vulnerable:

Hitachi Soumu Workflow Multiple Unspecified SQL Injection Vulnerabilities

Hitachi Soumu Workflow is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

Hitachi Soumu Workflow Multiple Unspecified SQL Injection Vulnerabilities

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].

Hitachi Soumu Workflow Multiple Unspecified SQL Injection Vulnerabilities

Solution:
The vendor has released Hitachi advisory HS06-016 to address these issues. Contact the vendor for information on obtaining the appropriate updates.

Hitachi Soumu Workflow Multiple Unspecified SQL Injection Vulnerabilities

References:

• Authentication Bypass Vulnerabilities in Soumu Workflow Series Products (Hitachi)
  
• Hitachi Soumu Workflow Web Site (Hitachi)