Hitachi Soumu Workflow Multiple Remote Authentication Bypass Vulnerabilities

Bugtraq ID:	21709
Class:	Access Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Dec 21 2006 12:00AM
Updated:	Dec 21 2006 12:00AM
Credit:	The vendor reported these vulnerabilities.
Vulnerable:	Hitachi Soumu Workflow For Groupmax 1.0 Hitachi Soumu Workflow 3.0 Hitachi Soumu Workflow 2.0 Hitachi Koukyoumuke Soumu Workflow 1.0
Not Vulnerable:

Hitachi Soumu Workflow Multiple Remote Authentication Bypass Vulnerabilities

Hitachi Soumu Workflow is prone to authentication-bypass vulnerabilities because of a flaw in its authentication process.

Exploiting these issues may allow attackers to gain unauthorized, remote access to the application's administrative functions.

Hitachi Soumu Workflow Multiple Remote Authentication Bypass Vulnerabilities

Currently we are not aware of any exploits for these issues. If you fell we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].

Hitachi Soumu Workflow Multiple Remote Authentication Bypass Vulnerabilities

Solution:
The vendor has released Hitachi security advisory HS06-016 to address these issues. Please contact the vendor for instructions on obtaining fixes.

Hitachi Soumu Workflow Multiple Remote Authentication Bypass Vulnerabilities

References:

• Authentication Bypass Vulnerabilities in Soumu Workflow Series Products (Hitachi)
  
• Hitachi Soumu Workflow Web Site (Hitachi)