IPA/ISEC:Vulnerabilities:Security Alert for Vulnerability in RADVISION iVIEW Suite

Published: May 19, 2011

Information-technology Promotion Agency, Japan (IPA, Chairman Kazumasa Fujie) issued a security alert concerning a security vulnerability in RADVISION iVIEW Suite on May 19, 2011. To fix this vulnerability, update the software to the latest version following the instructions provided by its distributors.

1.Overview

RADVISION iVIEW Suite is a management tool bundled with the video conferencing system SCOPIA.

The iVIEW Suite is vulnerable to SQL Injection due to a flaw in the database processing. If exploited, the vulnerability could allow an attacker to manipulate the database.

For the latest information, refer to the following URL:
http://jvndb.jvn.jp/jvndb/JVNDB-2011-000030

In line with the Information Security Early Warning Partnership, the IPA received a report concerning this vulnerability from the reporter credited below, and the JPCERT Coordination Center (JPCERT/CC) coordinated with the product developer and published the information on May 19, 2011.

Credit: Hirofumi Oka, NRI SecureTechnologies, Ltd.
(reported: October 8, 2009)

2.Impact

An attacker could manipulate the iVIEW Suite database.

3.Solution

To fix this vulnerability, update the software to the latest version following the instructions provided by the distributors.

4.CVSS Severity

(1)Evaluation Result

Severity Rating (CVSS base score): □ Low (0.0~3.9) □ Medium (4.0~6.9) ■ High (7.0~10.0)
CVSS base score: 7.5

(2) Base Score Metrics

AV:Access Vector □ Local □ Adjacent Network ■ Network
AC:Access Complexity □ High □ Medium ■ Low
Au:Authentication □ Multiple □ Single ■ None
C:Confidentiality Impact □ None ■ Partial □ Complete
I:Integrity Impact □ None ■ Partial □ Complete
A:Availability Impact □ None ■ Partial □ Complete

■:Selected Values

5.CWE Type

This vulnerability is classified under CWE as "SQL Injection (CWE-89)".

Contact

IT Security Center,
Information-technology Promotion Agency, Japan (ISEC/IPA)
E-mail: