IPA/ISEC:Vulnerabilities:Security Alert for Vulnerability in WebSAM DeploymentManager


Published: May 17, 2010

The Information-technology Promotion Agency, Japan (IPA, Chairman Koji Nishigaki) issued a security alert on May 17, 2010 concerning a vulnerability in WebSAM DeploymentManager.
Servers and computers that have the Client Service for DPM installed may have their OS shut down or rebooted by an external attack.

To fix this vulnerability, update to the fixed version provided by the product developer.

1.Overview

WebSAM DeploymentManager is a software deployment management tool developed by NEC Corporation. The Client Service for DPM of WebSAM DeploymentManager contains a denial-of-service (DoS) vulnerability. If it is exploited, an external attack may shut down or reboot the OS of servers and computers that have the Client Service for DPM installed.

For detailed information, refer to the following URL:
http://www.nec.co.jp/security-info/secinfo/nv10-004.html (Japanese)

For the latest information, refer to the following URL:
http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000019.html

IPA and JPCERT Coordination Center (JPCERT/CC) received a report concerning this vulnerability directly from the product developer on April 23, 2010, in line with the Information Security Early Warning Partnership, and made the announcement public on May 17, 2010.

2.Impact

A remote attacker could cause the OS to shut down or reboot on servers and computers that have the Client Service for DPM installed.

3.Solution

To fix this vulnerability, update to the fixed version provided by the product developer.

4.CVSS Severity

(1) Evaluation Result

Severity Rating (CVSS base score):  □ Low (0.0~3.9)  □ Medium (4.0~6.9)  ■ High (7.0~10.0)
CVSS base score:  7.8

(2) Base Score Metrics

AV: Access Vector            □ Local     □ Adjacent Network  ■ Network
AC: Access Complexity        □ High      □ Medium            ■ Low
Au: Authentication           □ Multiple  □ Single            ■ None
C: Confidentiality Impact    ■ None      □ Partial           □ Complete
I: Integrity Impact          ■ None      □ Partial           □ Complete
A: Availability Impact       □ None      □ Partial           ■ Complete

■:Selected Values

5.CWE Type

This vulnerability has been classified under CWE as "No mapping (CWE-DesignError)".

Contact

IT Security Center,
Information-technology Promotion Agency, Japan (ISEC/IPA)