Hitachi Multiple Products Unspecified SQL Injection Vulnerability
BID:23208
Info
Hitachi Multiple Products Unspecified SQL Injection Vulnerability
| Bugtraq ID: | 23208 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 30 2007 12:00AM |
| Updated: | Mar 30 2007 04:43PM |
| Credit: | The vendor reported this issue. |
| Vulnerable: |
Hitachi uCosminexus Content Manager 1-00 Hitachi uCosminexus Collaboration Portal Forum/File Share 6-30 Hitachi uCosminexus Collaboration Portal Forum/File Share 6-20-/D Hitachi uCosminexus Collaboration Portal Forum/File Share 6-20 Hitachi uCosminexus Collaboration Portal 6-30-/C Hitachi uCosminexus Collaboration Portal 6-30 Hitachi uCosminexus Collaboration Portal 6-20-/E Hitachi uCosminexus Collaboration Portal 6-20 Hitachi Groupmax Collaboration Web Client Forum/File Share 7-30-/B Hitachi Groupmax Collaboration Web Client Forum/File Share 7-30 Hitachi Groupmax Collaboration Web Client Forum/File Share 7-20-/D Hitachi Groupmax Collaboration Web Client Forum/File Share 7-20 Hitachi Groupmax Collaboration Web Client Forum/File Share 7-10-/C Hitachi Groupmax Collaboration Web Client Forum/File Share 7-10 Hitachi Groupmax Collaboration Web Client Forum/File Share 7-00-/A Hitachi Groupmax Collaboration Web Client Forum/File Share 7-00 Hitachi Groupmax Collaboration Web Client - Mail/Schedule 7-30-/C Hitachi Groupmax Collaboration Web Client - Mail/Schedule 7-30 Hitachi Groupmax Collaboration Web Client - Mail/Schedule 7-20-/C Hitachi Groupmax Collaboration Web Client - Mail/Schedule 7-20 Hitachi Groupmax Collaboration Portal 7-30-/C Hitachi Groupmax Collaboration Portal 7-30 Hitachi Groupmax Collaboration Portal 7-20-/E Hitachi Groupmax Collaboration Portal 7-20 Hitachi Groupmax Collaboration Portal 7-10-/D Hitachi Groupmax Collaboration Portal 7-10 Hitachi Groupmax Collaboration Portal 7-00-/A Hitachi Groupmax Collaboration Portal 7-00 Hitachi Cosminexus Collaboration Portal Forum/File Share 6-10-/C Hitachi Cosminexus Collaboration Portal Forum/File Share 6-10 Hitachi Cosminexus Collaboration Portal Forum/File Share 6-00-/A Hitachi Cosminexus Collaboration Portal Forum/File Share 6-00 Hitachi Cosminexus Collaboration Portal 6-10-/D Hitachi Cosminexus Collaboration Portal 6-10 Hitachi Cosminexus Collaboration Portal 6-00-/A Hitachi Cosminexus Collaboration Portal 6-00 |
| Not Vulnerable: | |
Discussion
Hitachi Multiple Products Unspecified SQL Injection Vulnerability
Multiple Hitachi products are prone to an SQL-injection vulnerability because the applications fail to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
This issue affects Groupmax Collaboration Portal, uCosminexus Collaboration Portal, and uCosminexus Content Manager.
Multiple Hitachi products are prone to an SQL-injection vulnerability because the applications fail to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
This issue affects Groupmax Collaboration Portal, uCosminexus Collaboration Portal, and uCosminexus Content Manager.
Exploit / POC
Hitachi Multiple Products Unspecified SQL Injection Vulnerability
Attackers can use a browser to exploit this issue.
Attackers can use a browser to exploit this issue.
Solution / Fix
Hitachi Multiple Products Unspecified SQL Injection Vulnerability
Solution:
The vendor has released updates that address this issue. Please the referenced advisories for more information.
Solution:
The vendor has released updates that address this issue. Please the referenced advisories for more information.
References
Hitachi Multiple Products Unspecified SQL Injection Vulnerability
References:
References: