Sign-up

ID

VAR-201004-0521


TITLE

Accela BizSearch Access Control Bypass Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2010-001204

DESCRIPTION

The local file seraching function in IntelligentSearch and Accela BizSearch is prone to an access control bypass vulnerability.Users without permission can access restricted files on the local Windows machine via the BizSearch search results. ---------------------------------------------------------------------- Secunia CSI + Microsoft SCCM ----------------------- = Extensive Patch Management http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ ---------------------------------------------------------------------- TITLE: Fujitsu IntelligentSearch Information Disclosure Vulnerability SECUNIA ADVISORY ID: SA39366 VERIFY ADVISORY: http://secunia.com/advisories/39366/ DESCRIPTION: A vulnerability has been reported in Fujitsu IntelligentSearch, which can be exploited by malicious people to disclose sensitive information. The vulnerability is caused due to an unspecified error, which can be exploited to disclose files via the search results. This is related to: SA39283 SOLUTION: Contact the vendor for patches. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://software.fujitsu.com/jp/security/products-fujitsu/solution/bizsearch201001.html OTHER REFERENCES: SA39283: http://secunia.com/advisories/39283/ JVNDB-2010-001204: http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-001204.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 0.9

sources: JVNDB: JVNDB-2010-001204 // PACKETSTORM: 88511 // PACKETSTORM: 88533

AFFECTED PRODUCTS

vendor:accelamodel:bizsearchscope: - version: -

Trust: 0.8

vendor:accelamodel:eaccela bizsearchscope: - version: -

Trust: 0.8

vendor:fujitsumodel:intelligentsearchscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2010-001204

CVSS

SEVERITY

CVSSV2

CVSSV3

IPA: JVNDB-2010-001204
value: MEDIUM

Trust: 0.8

IPA: JVNDB-2010-001204
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

sources: JVNDB: JVNDB-2010-001204

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 0.8

sources: JVNDB: JVNDB-2010-001204

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2010-001204

PATCH
title:Top Pageurl:http://www.accelatech.com/
Trust: 0.8
title:bizsearch201001url:http://software.fujitsu.com/jp/security/products-fujitsu/solution/bizsearch201001.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2010-001204

EXTERNAL IDS
db:JVNDBid:JVNDB-2010-001204
Trust: 1.0
db:SECUNIAid:39366
Trust: 0.2
db:SECUNIAid:39283
Trust: 0.2
db:PACKETSTORMid:88511
Trust: 0.1
db:PACKETSTORMid:88533
Trust: 0.1
sources:
            
            
            JVNDB: JVNDB-2010-001204 // 
            
            
            
            PACKETSTORM: 88511 // 
            
            
            
            PACKETSTORM: 88533

REFERENCES
url:http://jvndb.jvn.jp/en/contents/2010/jvndb-2010-001204.html
Trust: 0.2
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.2
url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
Trust: 0.2
url:http://software.fujitsu.com/jp/security/products-fujitsu/solution/bizsearch201001.html
Trust: 0.2
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.2
url:http://secunia.com/advisories/39283/
Trust: 0.2
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.2
url:http://secunia.com/advisories/39366/
Trust: 0.1
sources:
            
            
            PACKETSTORM: 88511 // 
            
            
            
            PACKETSTORM: 88533

CREDITS
Secunia
Trust: 0.2
sources:
            
            
            PACKETSTORM: 88511 // 
            
            
            
            PACKETSTORM: 88533

SOURCES
db:JVNDBid:JVNDB-2010-001204
db:PACKETSTORMid:88511
db:PACKETSTORMid:88533

LAST UPDATE DATE
2022-05-17T01:41:44.151000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2010-001204date:2010-04-09T00:00:00

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2010-001204date:2010-04-09T00:00:00
db:PACKETSTORMid:88511date:2010-04-16T05:45:36
db:PACKETSTORMid:88533date:2010-04-19T07:19:34