cvelistv5 - CVE-2007-3793

CVE-2007-3793

Vulnerability from cvelistv5

Published

2007-07-15 23:00

Modified

2024-08-07 14:28

Severity ?

Summary

SQL injection vulnerability in Job Management Partner 1/NETM/DM (JP1/NETM/DM) Manager on Windows before 20070413 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

References

URL	Tags
cve@mitre.org	http://osvdb.org/37014
cve@mitre.org	http://secunia.com/advisories/26052	Vendor Advisory
cve@mitre.org	http://www.hitachi-support.com/security_e/vuls_e/HS07-019_e/index-e.html	Patch, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/24903
cve@mitre.org	http://www.vupen.com/english/advisories/2007/2535
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/35386

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:28:52.512Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "hitachi-jp1netmdm-unspecified-sql-injection(35386)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35386"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-019_e/index-e.html"
          },
          {
            "name": "26052",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26052"
          },
          {
            "name": "24903",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24903"
          },
          {
            "name": "37014",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37014"
          },
          {
            "name": "ADV-2007-2535",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2535"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-07-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in Job Management Partner 1/NETM/DM (JP1/NETM/DM) Manager on Windows before 20070413 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "hitachi-jp1netmdm-unspecified-sql-injection(35386)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35386"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-019_e/index-e.html"
        },
        {
          "name": "26052",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26052"
        },
        {
          "name": "24903",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24903"
        },
        {
          "name": "37014",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37014"
        },
        {
          "name": "ADV-2007-2535",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2535"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3793",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in Job Management Partner 1/NETM/DM (JP1/NETM/DM) Manager on Windows before 20070413 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "hitachi-jp1netmdm-unspecified-sql-injection(35386)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35386"
            },
            {
              "name": "http://www.hitachi-support.com/security_e/vuls_e/HS07-019_e/index-e.html",
              "refsource": "CONFIRM",
              "url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-019_e/index-e.html"
            },
            {
              "name": "26052",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26052"
            },
            {
              "name": "24903",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24903"
            },
            {
              "name": "37014",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37014"
            },
            {
              "name": "ADV-2007-2535",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2535"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-3793",
    "datePublished": "2007-07-15T23:00:00",
    "dateReserved": "2007-07-15T00:00:00",
    "dateUpdated": "2024-08-07T14:28:52.512Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-3793\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-07-15T23:30:00.000\",\"lastModified\":\"2017-07-29T01:32:32.630\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"SQL injection vulnerability in Job Management Partner 1/NETM/DM (JP1/NETM/DM) Manager on Windows before 20070413 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de inyecci\u00f3n SQL en Job Management Partner 1/NETM/DM (JP1/NETM/DM) Manager en Windows versiones anteriores a 20070413 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n mediante vectores no especificados.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":7.5},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:jp1-netm-dm_manager:*:03-00:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8F77719-C7AC-4D02-931D-D0CB6326BB8D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:jp1-netm-dm_manager:*:05-24-e\\\\(\\\\*1\\\\):*:*:*:*:*:*\",\"matchCriteriaId\":\"DF7153EC-6D1C-4B53-A0B9-B6C332B5A156\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:jp1-netm-dm_manager:*:06-00:*:*:*:*:*:*\",\"matchCriteriaId\":\"D15D2AAC-F598-4871-B2E2-FEE82A687518\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:jp1-netm-dm_manager:*:06-72-g:*:*:*:*:*:*\",\"matchCriteriaId\":\"9095573D-DC38-4B3F-B039-2158021C3DE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:jp1-netm-dm_manager:*:07-00:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC4F617F-6BFE-4E6C-B867-99BCB4017265\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:jp1-netm-dm_manager:*:07-50:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6C11883-FAFB-45CB-BE8B-A0C9B6FB2949\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:jp1-netm-dm_manager:*:07-53-09:*:*:*:*:*:*\",\"matchCriteriaId\":\"528B6881-B9C1-4FA2-AFD0-043E1DDE50F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:jp1-netm-dm_manager:*:08-00:*:*:*:*:*:*\",\"matchCriteriaId\":\"60155356-C973-4F9F-B80E-5C4340E4693F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:jp1-netm-dm_manager:*:08-02-01:*:*:*:*:*:*\",\"matchCriteriaId\":\"2613823B-8769-41B8-A556-020686B117C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:jp1-netm-dm_manager:*:08-10:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A897DD8-86A0-44EF-9040-7BACD7FC00D1\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/37014\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/26052\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.hitachi-support.com/security_e/vuls_e/HS07-019_e/index-e.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/24903\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/2535\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/35386\",\"source\":\"cve@mitre.org\"}]}}"
  }
}

SQL injection vulnerability in Job Management Partner 1/NETM/DM (JP1/NETM/DM) Manager on Windows before 20070413 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Multiple Hitachi JP1/NETM/DM Manager products are prone to an SQL-injection vulnerability because the applications fail to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure.

The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/

The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications.

TITLE: Hitachi JP1/NETM/DM Manager SQL Injection Vulnerability

SECUNIA ADVISORY ID: SA26052

VERIFY ADVISORY: http://secunia.com/advisories/26052/

CRITICAL: Less critical

IMPACT: Manipulation of data

WHERE:

From remote

SOFTWARE: Hitachi JP1/NETM/DM Manager http://secunia.com/product/14788/

DESCRIPTION: A vulnerability has been reported in Hitachi JP1/NETM/DM Manager, which can be exploited by malicious users to conduct SQL injection attacks.

Unspecified input is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

SOLUTION: Update to the latest version (please see the vendor's advisory for details).

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: http://www.hitachi-support.com/security_e/vuls_e/HS07-019_e/index-e.html

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200707-0285",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "jp1-netm-dm manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "groupmax remote installation server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "version 2.0"
      },
      {
        "model": "groupmax remote installation server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "version 3"
      },
      {
        "model": "job management partner 1/software distribution manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "(chinese version)"
      },
      {
        "model": "job management partner 1/software distribution manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "(english version)"
      },
      {
        "model": "job management partner 1/software distribution manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "embedded rdb edition (chinese version)"
      },
      {
        "model": "job management partner 1/software distribution manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "embedded rdb edition (english version)"
      },
      {
        "model": "jp1/netm/dm manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "jp1/netm/dm manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "embedded rdb edition"
      },
      {
        "model": "netm/dm",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "jp1-netm-dm manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hitachi",
        "version": "06-00"
      },
      {
        "model": "jp1-netm-dm manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hitachi",
        "version": "06-72-g"
      },
      {
        "model": "jp1-netm-dm manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hitachi",
        "version": "07-00"
      },
      {
        "model": "jp1-netm-dm manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hitachi",
        "version": "08-00"
      },
      {
        "model": "jp1-netm-dm manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hitachi",
        "version": "05-24-e\\(\\*1\\)"
      },
      {
        "model": "jp1-netm-dm manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hitachi",
        "version": "03-00"
      },
      {
        "model": "jp1-netm-dm manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hitachi",
        "version": "07-53-09"
      },
      {
        "model": "jp1-netm-dm manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hitachi",
        "version": "07-50"
      },
      {
        "model": "jp1-netm-dm manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hitachi",
        "version": "08-10"
      },
      {
        "model": "jp1-netm-dm manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hitachi",
        "version": "08-02-01"
      },
      {
        "model": "netm/dm 02-03-/f",
        "scope": null,
        "trust": 0.3,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "netm/dm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "02-00"
      },
      {
        "model": "jp1/netm/dm manager embedded rdb edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "07-53-09"
      },
      {
        "model": "jp1/netm/dm manager embedded rdb edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "07-00"
      },
      {
        "model": "jp1/netm/dm manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "08-10"
      },
      {
        "model": "jp1/netm/dm manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "08-02-01"
      },
      {
        "model": "jp1/netm/dm manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "08-00"
      },
      {
        "model": "jp1/netm/dm manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "07-53-09"
      },
      {
        "model": "jp1/netm/dm manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "07-50"
      },
      {
        "model": "jp1/netm/dm manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "07-00"
      },
      {
        "model": "jp1/netm/dm manager 06-72-/g",
        "scope": null,
        "trust": 0.3,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "jp1/netm/dm manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "06-00"
      },
      {
        "model": "jp1/netm/dm manager 05-24-/e",
        "scope": null,
        "trust": 0.3,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "jp1/netm/dm manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "03-00"
      },
      {
        "model": "jp1/netm/asset information manager smart edition 01-00-/a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "jp1/netm/asset information manager smart edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "01-00"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "24903"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000699"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3793"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-263"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1-netm-dm_manager:*:07-00:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1-netm-dm_manager:*:07-50:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1-netm-dm_manager:*:07-53-09:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1-netm-dm_manager:*:08-00:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1-netm-dm_manager:*:06-00:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1-netm-dm_manager:*:06-72-g:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1-netm-dm_manager:*:03-00:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1-netm-dm_manager:*:05-24-e\\(\\*1\\):*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1-netm-dm_manager:*:08-02-01:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1-netm-dm_manager:*:08-10:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-3793"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "24903"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-263"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2007-3793",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": true,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2007-000699",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2007-3793",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2007-000699",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200707-263",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000699"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3793"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-263"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection vulnerability in Job Management Partner 1/NETM/DM (JP1/NETM/DM) Manager on Windows before 20070413 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Multiple Hitachi JP1/NETM/DM Manager products are prone to an SQL-injection vulnerability because the applications fail to properly sanitize user-supplied input before using it in an SQL query. \nA successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database. \n\n----------------------------------------------------------------------\n\nTry a new way to discover vulnerabilities that ALREADY EXIST in your\nIT infrastructure. \n\nThe Full Featured Secunia Network Software Inspector (NSI) is now\navailable:\nhttp://secunia.com/network_software_inspector/\n\nThe Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT\nvulnerabilities in more than 4,000 different Windows applications. \n\n----------------------------------------------------------------------\n\nTITLE:\nHitachi JP1/NETM/DM Manager SQL Injection Vulnerability\n\nSECUNIA ADVISORY ID:\nSA26052\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/26052/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nManipulation of data\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nHitachi JP1/NETM/DM Manager\nhttp://secunia.com/product/14788/\n\nDESCRIPTION:\nA vulnerability has been reported in Hitachi JP1/NETM/DM Manager,\nwhich can be exploited by malicious users to conduct SQL injection\nattacks. \n\nUnspecified input is not properly sanitised before being used in an\nSQL query. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\nSOLUTION:\nUpdate to the latest version (please see the vendor\u0027s advisory for\ndetails). \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://www.hitachi-support.com/security_e/vuls_e/HS07-019_e/index-e.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-3793"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000699"
      },
      {
        "db": "BID",
        "id": "24903"
      },
      {
        "db": "PACKETSTORM",
        "id": "57722"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-3793",
        "trust": 2.7
      },
      {
        "db": "BID",
        "id": "24903",
        "trust": 2.7
      },
      {
        "db": "SECUNIA",
        "id": "26052",
        "trust": 2.6
      },
      {
        "db": "HITACHI",
        "id": "HS07-019",
        "trust": 2.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2535",
        "trust": 1.6
      },
      {
        "db": "OSVDB",
        "id": "37014",
        "trust": 1.6
      },
      {
        "db": "XF",
        "id": "35386",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000699",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "1",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-263",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "57722",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "24903"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000699"
      },
      {
        "db": "PACKETSTORM",
        "id": "57722"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3793"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-263"
      }
    ]
  },
  "id": "VAR-200707-0285",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.19642857
  },
  "last_update_date": "2023-12-18T11:16:52.686000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HS07-019",
        "trust": 0.8,
        "url": "http://www.hitachi-support.com/security_e/vuls_e/hs07-019_e/index-e.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000699"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-3793"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/26052"
      },
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/24903"
      },
      {
        "trust": 2.0,
        "url": "http://www.hitachi-support.com/security_e/vuls_e/hs07-019_e/index-e.html"
      },
      {
        "trust": 1.6,
        "url": "http://osvdb.org/37014"
      },
      {
        "trust": 1.4,
        "url": "http://www.frsirt.com/english/advisories/2007/2535"
      },
      {
        "trust": 1.4,
        "url": "http://xforce.iss.net/xforce/xfdb/35386"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2535"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35386"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3793"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-3793"
      },
      {
        "trust": 0.3,
        "url": "http://www.hitachi.com/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/network_software_inspector/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/26052/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14788/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "24903"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000699"
      },
      {
        "db": "PACKETSTORM",
        "id": "57722"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3793"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-263"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "24903"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000699"
      },
      {
        "db": "PACKETSTORM",
        "id": "57722"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3793"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-263"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-07-13T00:00:00",
        "db": "BID",
        "id": "24903"
      },
      {
        "date": "2008-05-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-000699"
      },
      {
        "date": "2007-07-13T21:43:57",
        "db": "PACKETSTORM",
        "id": "57722"
      },
      {
        "date": "2007-07-15T23:30:00",
        "db": "NVD",
        "id": "CVE-2007-3793"
      },
      {
        "date": "2007-07-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200707-263"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-05-07T17:37:00",
        "db": "BID",
        "id": "24903"
      },
      {
        "date": "2008-05-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-000699"
      },
      {
        "date": "2017-07-29T01:32:32.630000",
        "db": "NVD",
        "id": "CVE-2007-3793"
      },
      {
        "date": "2007-07-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200707-263"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-263"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "JP1/NETM/DM Manager SQL Injection Vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000699"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "sql injection",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "57722"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-263"
      }
    ],
    "trust": 0.7
  }
}

ghsa-v528-pfj4-fcf2

Vulnerability from github

Published

2022-05-01 18:17

Modified

2022-05-01 18:17

Details

SQL injection vulnerability in Job Management Partner 1/NETM/DM (JP1/NETM/DM) Manager on Windows before 20070413 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-3793"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-07-15T23:30:00Z",
    "severity": "HIGH"
  },
  "details": "SQL injection vulnerability in Job Management Partner 1/NETM/DM (JP1/NETM/DM) Manager on Windows before 20070413 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.",
  "id": "GHSA-v528-pfj4-fcf2",
  "modified": "2022-05-01T18:17:17Z",
  "published": "2022-05-01T18:17:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3793"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35386"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/37014"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26052"
    },
    {
      "type": "WEB",
      "url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-019_e/index-e.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/24903"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/2535"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2007-3793

Vulnerability from jvndb

Published

2008-05-21 00:00

Modified

2008-05-21 00:00

Severity ?

() - -

Summary

JP1/NETM/DM Manager SQL Injection Vulnerability

Details

JP1/NETM/DM Manager for Windows is vulnerable to SQL injection where a relational database is used as the JP1/NETM/DM database. This could allow attackers to execute arbitrary SQL command and/or corrupt database when it receives a malformed request.

References

▼	Type	URL
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3793
	NVD	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3793
	SECUNIA	http://secunia.com/advisories/26052
	BID	http://www.securityfocus.com/bid/24903
	XF	http://xforce.iss.net/xforce/xfdb/35386
	FRSIRT	http://www.frsirt.com/english/advisories/2007/2535

Impacted products

▼	Vendor	Product
	Hitachi, Ltd	Groupmax Remote Installation Server
	Hitachi, Ltd	Job Management Partner 1/Software Distribution Manager
	Hitachi, Ltd	JP1/NETM/DM Manager
	Hitachi, Ltd	NETM/DM

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000699.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "JP1/NETM/DM Manager for Windows is vulnerable to SQL injection where a relational database is used as the JP1/NETM/DM database. This could allow attackers to execute arbitrary SQL command and/or corrupt database when it receives a malformed request.",
  "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000699.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:hitachi:groupmax_remote_installation_server",
      "@product": "Groupmax Remote Installation Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:job_management_partner_1_software_distribution_manager",
      "@product": "Job Management Partner 1/Software Distribution Manager",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:jp1_netm-dm_manager",
      "@product": "JP1/NETM/DM Manager",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:netm_dm",
      "@product": "NETM/DM",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "7.5",
    "@severity": "High",
    "@type": "Base",
    "@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2007-000699",
  "sec:references": [
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3793",
      "@id": "CVE-2007-3793",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3793",
      "@id": "CVE-2007-3793",
      "@source": "NVD"
    },
    {
      "#text": "http://secunia.com/advisories/26052",
      "@id": "SA26052",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/24903",
      "@id": "24903",
      "@source": "BID"
    },
    {
      "#text": "http://xforce.iss.net/xforce/xfdb/35386",
      "@id": "35386",
      "@source": "XF"
    },
    {
      "#text": "http://www.frsirt.com/english/advisories/2007/2535",
      "@id": "FrSIRT/ADV-2007-2535",
      "@source": "FRSIRT"
    }
  ],
  "title": "JP1/NETM/DM Manager SQL Injection Vulnerability"
}

gsd-2007-3793

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

SQL injection vulnerability in Job Management Partner 1/NETM/DM (JP1/NETM/DM) Manager on Windows before 20070413 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Aliases

CVE-2007-3793

Aliases

CVE-2007-3793

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-3793",
    "description": "SQL injection vulnerability in Job Management Partner 1/NETM/DM (JP1/NETM/DM) Manager on Windows before 20070413 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.",
    "id": "GSD-2007-3793"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-3793"
      ],
      "details": "SQL injection vulnerability in Job Management Partner 1/NETM/DM (JP1/NETM/DM) Manager on Windows before 20070413 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.",
      "id": "GSD-2007-3793",
      "modified": "2023-12-13T01:21:41.847786Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-3793",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "SQL injection vulnerability in Job Management Partner 1/NETM/DM (JP1/NETM/DM) Manager on Windows before 20070413 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "hitachi-jp1netmdm-unspecified-sql-injection(35386)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35386"
          },
          {
            "name": "http://www.hitachi-support.com/security_e/vuls_e/HS07-019_e/index-e.html",
            "refsource": "CONFIRM",
            "url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-019_e/index-e.html"
          },
          {
            "name": "26052",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/26052"
          },
          {
            "name": "24903",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/24903"
          },
          {
            "name": "37014",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/37014"
          },
          {
            "name": "ADV-2007-2535",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/2535"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1-netm-dm_manager:*:07-00:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1-netm-dm_manager:*:07-50:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1-netm-dm_manager:*:07-53-09:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1-netm-dm_manager:*:08-00:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1-netm-dm_manager:*:06-00:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1-netm-dm_manager:*:06-72-g:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1-netm-dm_manager:*:03-00:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1-netm-dm_manager:*:05-24-e\\(\\*1\\):*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1-netm-dm_manager:*:08-02-01:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1-netm-dm_manager:*:08-10:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3793"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in Job Management Partner 1/NETM/DM (JP1/NETM/DM) Manager on Windows before 20070413 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.hitachi-support.com/security_e/vuls_e/HS07-019_e/index-e.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-019_e/index-e.html"
            },
            {
              "name": "24903",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/24903"
            },
            {
              "name": "26052",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/26052"
            },
            {
              "name": "37014",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/37014"
            },
            {
              "name": "ADV-2007-2535",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/2535"
            },
            {
              "name": "hitachi-jp1netmdm-unspecified-sql-injection(35386)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35386"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-07-29T01:32Z",
      "publishedDate": "2007-07-15T23:30Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2007-3793

Vulnerability from cvelistv5

var-200707-0285

Vulnerability from variot

ghsa-v528-pfj4-fcf2

Vulnerability from github

CVE-2007-3793

Vulnerability from jvndb

gsd-2007-3793

Vulnerability from gsd

Tags

Sightings

Nomenclature