Sign-up

ID

VAR-201403-0718


TITLE

JP1/File Transmission Server / FTP vulnerable to access control violation

Trust: 0.8

sources: JVNDB: JVNDB-2014-001594

DESCRIPTION

JP1/File Transmission Server/FTP has a vulnerability where an FTP client with limited access rights can bypass the access control and access arbitrary directories on the FTP server when enabling the directory access control function.An attacker with login privileges to the FTP server can exploit this vulnerability to destroy data or obtain sensitive data in the system, or possibly cause other damage.

Trust: 0.8

sources: JVNDB: JVNDB-2014-001594

AFFECTED PRODUCTS

vendor:hitachimodel:jp1/file transmission server/ftpscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2014-001594

CVSS

SEVERITY

CVSSV2

CVSSV3

VENDOR: JVNDB-2014-001594
value: MEDIUM

Trust: 0.8

VENDOR: JVNDB-2014-001594
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

sources: JVNDB: JVNDB-2014-001594

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-001594

PATCH
title:HS14-007url:http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-007/index.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-001594

EXTERNAL IDS
db:JVNDBid:JVNDB-2014-001594
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-001594

SOURCES
db:JVNDBid:JVNDB-2014-001594

LAST UPDATE DATE
2022-05-04T09:30:18.404000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2014-001594date:2015-03-03T00:00:00

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2014-001594date:2014-03-11T00:00:00