jvndb-2023-000077
Vulnerability from jvndb
Published
2023-08-04 17:31
Modified
2024-04-03 17:19
Severity ?
Summary
Fujitsu Software Infrastructure Manager (ISM) stores sensitive information in cleartext
Details
Fujitsu Software Infrastructure Manager (ISM) V2.8.0.060, provided by Fujitsu Limited, stores the password for the proxy server in cleartext form to the product's maintenance data (ismsnap) (CWE-312) under the following conditions.
<ul><li>Using a proxy server that requires authentication in the connection from ISM to internet</li><li>The user ID and/or the password for the proxy server contain "\" (backslash) character</li><li>The product's firmware download function is enabled (*)</li>
* This is a function for the Europe Region and is disabled by default</ul>
Fujitsu Limited reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Fujitsu Limited coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| FUJITSU | FUJITSU Software Infrastructure Manager |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000077.html",
"dc:date": "2024-04-03T17:19+09:00",
"dcterms:issued": "2023-08-04T17:31+09:00",
"dcterms:modified": "2024-04-03T17:19+09:00",
"description": "Fujitsu Software Infrastructure Manager (ISM) V2.8.0.060, provided by Fujitsu Limited, stores the password for the proxy server in cleartext form to the product\u0027s maintenance data (ismsnap) (CWE-312) under the following conditions.\r\n\r\n\u003cul\u003e\u003cli\u003eUsing a proxy server that requires authentication in the connection from ISM to internet\u003c/li\u003e\u003cli\u003eThe user ID and/or the password for the proxy server contain \"\\\" (backslash) character\u003c/li\u003e\u003cli\u003eThe product\u0027s firmware download function is enabled (*)\u003c/li\u003e\r\n\r\n * This is a function for the Europe Region and is disabled by default\u003c/ul\u003e\r\n\r\nFujitsu Limited reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Fujitsu Limited coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000077.html",
"sec:cpe": {
"#text": "cpe:/a:fujitsu:software_infrastructure_manager",
"@product": "FUJITSU Software Infrastructure Manager",
"@vendor": "FUJITSU",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "1.5",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:L/AC:M/Au:S/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "5.9",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2023-000077",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN38847224/index.html",
"@id": "JVN#38847224",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-39379",
"@id": "CVE-2023-39379",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-39379",
"@id": "CVE-2023-39379",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Fujitsu Software Infrastructure Manager (ISM) stores sensitive information in cleartext"
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.