cvelistv5 - cve-2007-1786

CVE-2007-1786 (GCVE-0-2007-1786)

Vulnerability from cvelistv5 – Published: 2007-03-31 10:00 – Updated: 2024-08-07 13:06

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.hitachi-support.com/security_e/vuls_e/…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/23208	vdb-entryx_refsource_BID
	http://www.vupen.com/english/advisories/2007/1168	vdb-entryx_refsource_VUPEN
	http://osvdb.org/34544	vdb-entryx_refsource_OSVDB
	http://secunia.com/advisories/24693	third-party-advisoryx_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:06:26.340Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-008_e/index-e.html"
          },
          {
            "name": "23208",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/23208"
          },
          {
            "name": "ADV-2007-1168",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1168"
          },
          {
            "name": "34544",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/34544"
          },
          {
            "name": "24693",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24693"
          },
          {
            "name": "hitachi-collaboration-sql-injection(33348)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33348"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-03-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in Hitachi Collaboration - Online Community Management 01-00 through 01-30, as used in Groupmax Collaboration Portal, Groupmax Collaboration Web Client, uCosminexus Collaboration Portal, Cosminexus Collaboration Portal, and uCosminexus Content Manager, allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-008_e/index-e.html"
        },
        {
          "name": "23208",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/23208"
        },
        {
          "name": "ADV-2007-1168",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1168"
        },
        {
          "name": "34544",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/34544"
        },
        {
          "name": "24693",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24693"
        },
        {
          "name": "hitachi-collaboration-sql-injection(33348)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33348"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1786",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in Hitachi Collaboration - Online Community Management 01-00 through 01-30, as used in Groupmax Collaboration Portal, Groupmax Collaboration Web Client, uCosminexus Collaboration Portal, Cosminexus Collaboration Portal, and uCosminexus Content Manager, allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.hitachi-support.com/security_e/vuls_e/HS07-008_e/index-e.html",
              "refsource": "CONFIRM",
              "url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-008_e/index-e.html"
            },
            {
              "name": "23208",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/23208"
            },
            {
              "name": "ADV-2007-1168",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/1168"
            },
            {
              "name": "34544",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/34544"
            },
            {
              "name": "24693",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24693"
            },
            {
              "name": "hitachi-collaboration-sql-injection(33348)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33348"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-1786",
    "datePublished": "2007-03-31T10:00:00",
    "dateReserved": "2007-03-30T00:00:00",
    "dateUpdated": "2024-08-07T13:06:26.340Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hitachi:cosminexus_collaboration_portal:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DA4E08A2-D531-4DE2-B449-48B8AA11F365\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hitachi:groupmax_collaboration_portal:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CDAC0784-59AB-4011-837E-DA7F982FD9AE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hitachi:groupmax_collaboration_web_client:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5735920C-E419-4671-B455-FCA4A2C3300E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hitachi:ucosminexus_collaboration_portal:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FB5554C5-8590-4291-ABFC-F2CA4688136E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hitachi:ucosminexus_content_manager:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D7BAFF2D-E60B-401E-9E6C-336FCF8FF60C\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"SQL injection vulnerability in Hitachi Collaboration - Online Community Management 01-00 through 01-30, as used in Groupmax Collaboration Portal, Groupmax Collaboration Web Client, uCosminexus Collaboration Portal, Cosminexus Collaboration Portal, and uCosminexus Content Manager, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de inyecci\\u00f3n SQL en Hitachi Collaboration - Online Community Management 01-00 hasta la 01-30, utilizado en Groupmax Collaboration Portal, Groupmax Collaboration Web Client, uCosminexus Collaboration Portal, Cosminexus Collaboration Portal, y uCosminexus Content Manager, permite a atacantes remotos ejecutar comandos SQL de su elecci\\u00f3n a trav\\u00e9s vectores no especificados.\"}]",
      "id": "CVE-2007-1786",
      "lastModified": "2024-11-21T00:29:09.383",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": true, \"userInteractionRequired\": false}]}",
      "published": "2007-03-31T10:19:00.000",
      "references": "[{\"url\": \"http://osvdb.org/34544\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/24693\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.hitachi-support.com/security_e/vuls_e/HS07-008_e/index-e.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/23208\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/1168\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/33348\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/34544\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/24693\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.hitachi-support.com/security_e/vuls_e/HS07-008_e/index-e.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/23208\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/1168\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/33348\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-1786\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-03-31T10:19:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SQL injection vulnerability in Hitachi Collaboration - Online Community Management 01-00 through 01-30, as used in Groupmax Collaboration Portal, Groupmax Collaboration Web Client, uCosminexus Collaboration Portal, Cosminexus Collaboration Portal, and uCosminexus Content Manager, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de inyecci\u00f3n SQL en Hitachi Collaboration - Online Community Management 01-00 hasta la 01-30, utilizado en Groupmax Collaboration Portal, Groupmax Collaboration Web Client, uCosminexus Collaboration Portal, Cosminexus Collaboration Portal, y uCosminexus Content Manager, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s vectores no especificados.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_collaboration_portal:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA4E08A2-D531-4DE2-B449-48B8AA11F365\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:groupmax_collaboration_portal:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDAC0784-59AB-4011-837E-DA7F982FD9AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:groupmax_collaboration_web_client:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5735920C-E419-4671-B455-FCA4A2C3300E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_collaboration_portal:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB5554C5-8590-4291-ABFC-F2CA4688136E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_content_manager:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7BAFF2D-E60B-401E-9E6C-336FCF8FF60C\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/34544\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/24693\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.hitachi-support.com/security_e/vuls_e/HS07-008_e/index-e.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/23208\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/1168\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/33348\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/34544\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/24693\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.hitachi-support.com/security_e/vuls_e/HS07-008_e/index-e.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/23208\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/1168\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/33348\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

VAR-200703-0432

Vulnerability from variot - Updated: 2023-12-18 12:59

SQL injection vulnerability in Hitachi Collaboration - Online Community Management 01-00 through 01-30, as used in Groupmax Collaboration Portal, Groupmax Collaboration Web Client, uCosminexus Collaboration Portal, Cosminexus Collaboration Portal, and uCosminexus Content Manager, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Multiple Hitachi products are prone to an SQL-injection vulnerability because the applications fail to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Please see the vendor's advisory for a list of affected products and versions.

SOLUTION: Please see the vendor's advisory for fix information.

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: Hitachi: http://www.hitachi-support.com/security_e/vuls_e/HS07-008_e/index-e.html

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200703-0432",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "cosminexus collaboration portal",
        "scope": null,
        "trust": 1.4,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "groupmax collaboration portal",
        "scope": null,
        "trust": 1.4,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "groupmax collaboration web client",
        "scope": null,
        "trust": 1.4,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus collaboration portal",
        "scope": null,
        "trust": 1.4,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus content manager",
        "scope": null,
        "trust": 1.4,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "groupmax collaboration web client",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "groupmax collaboration portal",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "cosminexus collaboration portal",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "ucosminexus content manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "ucosminexus collaboration portal",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "ucosminexus content manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "1-00"
      },
      {
        "model": "ucosminexus collaboration portal forum/file share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "6-30"
      },
      {
        "model": "ucosminexus collaboration portal forum/file share 6-20-/d",
        "scope": null,
        "trust": 0.3,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus collaboration portal forum/file share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "6-20"
      },
      {
        "model": "ucosminexus collaboration portal 6-30-/c",
        "scope": null,
        "trust": 0.3,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus collaboration portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "6-30"
      },
      {
        "model": "ucosminexus collaboration portal 6-20-/e",
        "scope": null,
        "trust": 0.3,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus collaboration portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "6-20"
      },
      {
        "model": "groupmax collaboration web client forum/file share 7-30-/b",
        "scope": null,
        "trust": 0.3,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "groupmax collaboration web client forum/file share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "7-30"
      },
      {
        "model": "groupmax collaboration web client forum/file share 7-20-/d",
        "scope": null,
        "trust": 0.3,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "groupmax collaboration web client forum/file share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "7-20"
      },
      {
        "model": "groupmax collaboration web client forum/file share 7-10-/c",
        "scope": null,
        "trust": 0.3,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "groupmax collaboration web client forum/file share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "7-10"
      },
      {
        "model": "groupmax collaboration web client forum/file share 7-00-/a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "groupmax collaboration web client forum/file share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "7-00"
      },
      {
        "model": "groupmax collaboration web client mail/schedule 7-30-/c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "groupmax collaboration web client mail/schedule",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "-7-30"
      },
      {
        "model": "groupmax collaboration web client mail/schedule 7-20-/c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "groupmax collaboration web client mail/schedule",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "-7-20"
      },
      {
        "model": "groupmax collaboration portal 7-30-/c",
        "scope": null,
        "trust": 0.3,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "groupmax collaboration portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "7-30"
      },
      {
        "model": "groupmax collaboration portal 7-20-/e",
        "scope": null,
        "trust": 0.3,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "groupmax collaboration portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "7-20"
      },
      {
        "model": "groupmax collaboration portal 7-10-/d",
        "scope": null,
        "trust": 0.3,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "groupmax collaboration portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "7-10"
      },
      {
        "model": "groupmax collaboration portal 7-00-/a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "groupmax collaboration portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "7-00"
      },
      {
        "model": "cosminexus collaboration portal forum/file share 6-10-/c",
        "scope": null,
        "trust": 0.3,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "cosminexus collaboration portal forum/file share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "6-10"
      },
      {
        "model": "cosminexus collaboration portal forum/file share 6-00-/a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "cosminexus collaboration portal forum/file share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "6-00"
      },
      {
        "model": "cosminexus collaboration portal 6-10-/d",
        "scope": null,
        "trust": 0.3,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "cosminexus collaboration portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "6-10"
      },
      {
        "model": "cosminexus collaboration portal 6-00-/a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "cosminexus collaboration portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "6-00"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "23208"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-003613"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-1786"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200703-701"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_collaboration_portal:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_collaboration_portal:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_content_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:groupmax_collaboration_portal:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:groupmax_collaboration_web_client:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-1786"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "23208"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200703-701"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2007-1786",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": true,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2007-1786",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2007-1786",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200703-701",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-003613"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-1786"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200703-701"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection vulnerability in Hitachi Collaboration - Online Community Management 01-00 through 01-30, as used in Groupmax Collaboration Portal, Groupmax Collaboration Web Client, uCosminexus Collaboration Portal, Cosminexus Collaboration Portal, and uCosminexus Content Manager, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Multiple Hitachi products are prone to an SQL-injection vulnerability because the applications fail to properly sanitize user-supplied input before using it in an SQL query. \nA successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.  This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\nPlease see the vendor\u0027s advisory for a list of affected products and\nversions. \n\nSOLUTION:\nPlease see the vendor\u0027s advisory for fix information. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nHitachi:\nhttp://www.hitachi-support.com/security_e/vuls_e/HS07-008_e/index-e.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-1786"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-003613"
      },
      {
        "db": "BID",
        "id": "23208"
      },
      {
        "db": "PACKETSTORM",
        "id": "55483"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-1786",
        "trust": 2.4
      },
      {
        "db": "HITACHI",
        "id": "HS07-008",
        "trust": 2.0
      },
      {
        "db": "BID",
        "id": "23208",
        "trust": 1.9
      },
      {
        "db": "SECUNIA",
        "id": "24693",
        "trust": 1.8
      },
      {
        "db": "OSVDB",
        "id": "34544",
        "trust": 1.6
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1168",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-003613",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "33348",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200703-701",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "55483",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "23208"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-003613"
      },
      {
        "db": "PACKETSTORM",
        "id": "55483"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-1786"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200703-701"
      }
    ]
  },
  "id": "VAR-200703-0432",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.19325397333333336
  },
  "last_update_date": "2023-12-18T12:59:07.816000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HS07-008",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs07-008/index.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-003613"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-1786"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://www.hitachi-support.com/security_e/vuls_e/hs07-008_e/index-e.html"
      },
      {
        "trust": 1.6,
        "url": "http://osvdb.org/34544"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/24693"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/23208"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/1168"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33348"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1786"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-1786"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2007/1168"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/33348"
      },
      {
        "trust": 0.3,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/prod/cosminexus/sol/epf/port_view.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.hitachi.com/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/10832/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/disassembling_og_reversing/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_vacancies/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/10834/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/24693/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/10835/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/linux_security_specialist/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6161/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/10833/"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "23208"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-003613"
      },
      {
        "db": "PACKETSTORM",
        "id": "55483"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-1786"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200703-701"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "23208"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-003613"
      },
      {
        "db": "PACKETSTORM",
        "id": "55483"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-1786"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200703-701"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-03-30T00:00:00",
        "db": "BID",
        "id": "23208"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-003613"
      },
      {
        "date": "2007-04-02T02:42:23",
        "db": "PACKETSTORM",
        "id": "55483"
      },
      {
        "date": "2007-03-31T10:19:00",
        "db": "NVD",
        "id": "CVE-2007-1786"
      },
      {
        "date": "2007-03-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200703-701"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-03-30T16:43:00",
        "db": "BID",
        "id": "23208"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-003613"
      },
      {
        "date": "2017-07-29T01:30:59.347000",
        "db": "NVD",
        "id": "CVE-2007-1786"
      },
      {
        "date": "2007-04-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200703-701"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200703-701"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Groupmax Used for products such as  Hitachi Collaboration - Online Community Management In  SQL Injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-003613"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "sql injection",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "55483"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200703-701"
      }
    ],
    "trust": 0.7
  }
}

GSD-2007-1786

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-1786

Aliases

CVE-2007-1786

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-1786",
    "description": "SQL injection vulnerability in Hitachi Collaboration - Online Community Management 01-00 through 01-30, as used in Groupmax Collaboration Portal, Groupmax Collaboration Web Client, uCosminexus Collaboration Portal, Cosminexus Collaboration Portal, and uCosminexus Content Manager, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.",
    "id": "GSD-2007-1786"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-1786"
      ],
      "details": "SQL injection vulnerability in Hitachi Collaboration - Online Community Management 01-00 through 01-30, as used in Groupmax Collaboration Portal, Groupmax Collaboration Web Client, uCosminexus Collaboration Portal, Cosminexus Collaboration Portal, and uCosminexus Content Manager, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.",
      "id": "GSD-2007-1786",
      "modified": "2023-12-13T01:21:39.294109Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-1786",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "SQL injection vulnerability in Hitachi Collaboration - Online Community Management 01-00 through 01-30, as used in Groupmax Collaboration Portal, Groupmax Collaboration Web Client, uCosminexus Collaboration Portal, Cosminexus Collaboration Portal, and uCosminexus Content Manager, allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.hitachi-support.com/security_e/vuls_e/HS07-008_e/index-e.html",
            "refsource": "CONFIRM",
            "url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-008_e/index-e.html"
          },
          {
            "name": "23208",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/23208"
          },
          {
            "name": "ADV-2007-1168",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/1168"
          },
          {
            "name": "34544",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/34544"
          },
          {
            "name": "24693",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/24693"
          },
          {
            "name": "hitachi-collaboration-sql-injection(33348)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33348"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_collaboration_portal:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_collaboration_portal:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_content_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:groupmax_collaboration_portal:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:groupmax_collaboration_web_client:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1786"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in Hitachi Collaboration - Online Community Management 01-00 through 01-30, as used in Groupmax Collaboration Portal, Groupmax Collaboration Web Client, uCosminexus Collaboration Portal, Cosminexus Collaboration Portal, and uCosminexus Content Manager, allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.hitachi-support.com/security_e/vuls_e/HS07-008_e/index-e.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-008_e/index-e.html"
            },
            {
              "name": "24693",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/24693"
            },
            {
              "name": "23208",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/23208"
            },
            {
              "name": "34544",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/34544"
            },
            {
              "name": "ADV-2007-1168",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/1168"
            },
            {
              "name": "hitachi-collaboration-sql-injection(33348)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33348"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-07-29T01:30Z",
      "publishedDate": "2007-03-31T10:19Z"
    }
  }
}

GHSA-J3P2-4C6Q-8QMR

Vulnerability from github – Published: 2022-05-01 17:57 – Updated: 2022-05-01 17:57

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-1786"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-03-31T10:19:00Z",
    "severity": "MODERATE"
  },
  "details": "SQL injection vulnerability in Hitachi Collaboration - Online Community Management 01-00 through 01-30, as used in Groupmax Collaboration Portal, Groupmax Collaboration Web Client, uCosminexus Collaboration Portal, Cosminexus Collaboration Portal, and uCosminexus Content Manager, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.",
  "id": "GHSA-j3p2-4c6q-8qmr",
  "modified": "2022-05-01T17:57:03Z",
  "published": "2022-05-01T17:57:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1786"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33348"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/34544"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/24693"
    },
    {
      "type": "WEB",
      "url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-008_e/index-e.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/23208"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/1168"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2007-1786

Vulnerability from fkie_nvd - Published: 2007-03-31 10:19 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://osvdb.org/34544
cve@mitre.org	http://secunia.com/advisories/24693	Vendor Advisory
cve@mitre.org	http://www.hitachi-support.com/security_e/vuls_e/HS07-008_e/index-e.html	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/23208
cve@mitre.org	http://www.vupen.com/english/advisories/2007/1168
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/33348
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/34544
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/24693	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.hitachi-support.com/security_e/vuls_e/HS07-008_e/index-e.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/23208
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/1168
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/33348

Impacted products

Vendor	Product	Version
hitachi	cosminexus_collaboration_portal	*
hitachi	groupmax_collaboration_portal	*
hitachi	groupmax_collaboration_web_client	*
hitachi	ucosminexus_collaboration_portal	*
hitachi	ucosminexus_content_manager	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hitachi:cosminexus_collaboration_portal:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA4E08A2-D531-4DE2-B449-48B8AA11F365",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:groupmax_collaboration_portal:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDAC0784-59AB-4011-837E-DA7F982FD9AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:groupmax_collaboration_web_client:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735920C-E419-4671-B455-FCA4A2C3300E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:ucosminexus_collaboration_portal:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB5554C5-8590-4291-ABFC-F2CA4688136E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:ucosminexus_content_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7BAFF2D-E60B-401E-9E6C-336FCF8FF60C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in Hitachi Collaboration - Online Community Management 01-00 through 01-30, as used in Groupmax Collaboration Portal, Groupmax Collaboration Web Client, uCosminexus Collaboration Portal, Cosminexus Collaboration Portal, and uCosminexus Content Manager, allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en Hitachi Collaboration - Online Community Management 01-00 hasta la 01-30, utilizado en Groupmax Collaboration Portal, Groupmax Collaboration Web Client, uCosminexus Collaboration Portal, Cosminexus Collaboration Portal, y uCosminexus Content Manager, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s vectores no especificados."
    }
  ],
  "id": "CVE-2007-1786",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-03-31T10:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/34544"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24693"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-008_e/index-e.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/23208"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/1168"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33348"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/34544"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24693"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-008_e/index-e.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/23208"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/1168"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33348"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-1786 (GCVE-0-2007-1786)

VAR-200703-0432

GSD-2007-1786

GHSA-J3P2-4C6Q-8QMR

FKIE_CVE-2007-1786

Tags

Sightings

Nomenclature