Vulnerability Name:

CVE-2009-3172 (CCN-52920)

Assigned:2009-07-21
Published:2009-07-21
Updated:2009-09-24
Summary:Unspecified vulnerability in Hitachi Groupmax Groupware Server 07-00 through 07-50-/A, Groupmax Server Set 03-00 through 06-52, Groupware Server Set 03-00 through 06-52, and Scheduler Server Set 03-00 through 06-52 has unknown impact and attack vectors related to invalid access rights.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2009-3172

Source: CCN
Type: JVNDB-2009-001930
Issue of Access Control Failure in Groupmax Scheduler Server

Source: JVNDB
Type: UNKNOWN
JVNDB-2009-001930

Source: CCN
Type: SA36527
Hitachi Groupmax Scheduler Server Security Bypass Vulnerability

Source: SECUNIA
Type: Vendor Advisory
36527

Source: CONFIRM
Type: Vendor Advisory
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-012/index.html

Source: CCN
Type: Hitachi Security Vulnerability Information HS09-012
Groupmax Scheduler Server

Source: OSVDB
Type: UNKNOWN
57565

Source: CCN
Type: OSVDB ID: 57565
Hitachi Groupmax Scheduler Server Unspecified Access Restriction Bypass

Source: BID
Type: UNKNOWN
36184

Source: CCN
Type: BID-36184
Hitachi Groupmax Scheduler Server Unauthorized Access Vulnerability

Source: VUPEN
Type: Vendor Advisory
ADV-2009-2480

Source: XF
Type: UNKNOWN
hitachi-groupmax-security-bypass(52920)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:hitachi:groupmax_groupware_server:*:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07-00-_j:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07-00-_k:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07-00-_l:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07-10-_f:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07-10-_g:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07-20_g:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.00_f:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.00_f:*:aix:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.00_g:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.00_g:*:aix:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.00_i:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.00_i:*:hp-ux:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.00_j:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.00_j:*:hp-ux:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.00_j:*:windows:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.00_k:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.00_l:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.00_l:*:windows:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.10_d:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.10_d:*:aix:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.10_e:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.10_e:*:aix:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.10_f:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.10_f:*:windows:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.10_h:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.10_h:*:hp-ux:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.10_h:*:windows:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.10_i:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.10_i:*:hp-ux:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.20_c:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.20_c:*:aix:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.20_d:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.20_d:*:aix:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.20_e:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.20_e:*:windows:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.20_f:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.20_f:*:hp-ux:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.20_g:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.20_g:*:hp-ux:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.20_g:*:windows:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.30_b:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.30_b:*:aix:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.30_b:*:windows:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.30_c:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.30_c:*:aix:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.30_c:*:hp-ux:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.30_d:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.30_d:*:hp-ux:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.30_d:*:windows:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.32:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.32:*:aix:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.32:*:hp-ux:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.32:*:windows:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.32_a:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.32_a:*:aix:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.32_a:*:hp-ux:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.32_a:*:windows:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_scheduler_server_set:03:00:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_scheduler_server_set:06-52:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_server_set:03-00:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_server_set:06-52:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:hitachi:groupmax_groupware_server:*:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_server_set:03-00:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.00_f::aix:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.00_g:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07-10-_f:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07-10-_g:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07-20_g:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.00_f:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07-00-_j:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07-00-_k:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07-00-_l:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.00_j::windows:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.00_l::windows:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.10_d:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.00_l:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.00_j::hp-ux:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.00_k:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.00_g::aix:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.00_j:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.00_i:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.00_i::hp-ux:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.10_f:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.10_e:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.10_f::windows:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.10_h::windows:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.10_d::aix:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.10_e::aix:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.10_h::hp-ux:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.10_i::hp-ux:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.10_i:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.10_h:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.20_c::aix:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.20_e::windows:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.20_g:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.20_f:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.20_d::aix:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.20_e:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.20_d:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.20_c:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.20_g::hp-ux:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.20_f::hp-ux:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.20_g::windows:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.30_c:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.30_b::windows:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.30_d:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.30_b:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.30_d::windows:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.30_c::aix:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.30_b::aix:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.30_c::hp-ux:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.30_d::hp-ux:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.32_a::hp-ux:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.32:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.32::aix:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.32_a::aix:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.32::windows:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.32_a::windows:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.32::hp-ux:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_groupware_server:07.32_a:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_server_set:03-00:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_server_set:06-52:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_scheduler_server_set:03:00:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_scheduler_server_set:06-52:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    hitachi groupmax groupware server *
    hitachi groupmax groupware server 07-00-_j
    hitachi groupmax groupware server 07-00-_k
    hitachi groupmax groupware server 07-00-_l
    hitachi groupmax groupware server 07-10-_f
    hitachi groupmax groupware server 07-10-_g
    hitachi groupmax groupware server 07-20_g
    hitachi groupmax groupware server 07.00_f
    hitachi groupmax groupware server 07.00_f
    hitachi groupmax groupware server 07.00_g
    hitachi groupmax groupware server 07.00_g
    hitachi groupmax groupware server 07.00_i
    hitachi groupmax groupware server 07.00_i
    hitachi groupmax groupware server 07.00_j
    hitachi groupmax groupware server 07.00_j
    hitachi groupmax groupware server 07.00_j
    hitachi groupmax groupware server 07.00_k
    hitachi groupmax groupware server 07.00_l
    hitachi groupmax groupware server 07.00_l
    hitachi groupmax groupware server 07.10_d
    hitachi groupmax groupware server 07.10_d
    hitachi groupmax groupware server 07.10_e
    hitachi groupmax groupware server 07.10_e
    hitachi groupmax groupware server 07.10_f
    hitachi groupmax groupware server 07.10_f
    hitachi groupmax groupware server 07.10_h
    hitachi groupmax groupware server 07.10_h
    hitachi groupmax groupware server 07.10_h
    hitachi groupmax groupware server 07.10_i
    hitachi groupmax groupware server 07.10_i
    hitachi groupmax groupware server 07.20_c
    hitachi groupmax groupware server 07.20_c
    hitachi groupmax groupware server 07.20_d
    hitachi groupmax groupware server 07.20_d
    hitachi groupmax groupware server 07.20_e
    hitachi groupmax groupware server 07.20_e
    hitachi groupmax groupware server 07.20_f
    hitachi groupmax groupware server 07.20_f
    hitachi groupmax groupware server 07.20_g
    hitachi groupmax groupware server 07.20_g
    hitachi groupmax groupware server 07.20_g
    hitachi groupmax groupware server 07.30_b
    hitachi groupmax groupware server 07.30_b
    hitachi groupmax groupware server 07.30_b
    hitachi groupmax groupware server 07.30_c
    hitachi groupmax groupware server 07.30_c
    hitachi groupmax groupware server 07.30_c
    hitachi groupmax groupware server 07.30_d
    hitachi groupmax groupware server 07.30_d
    hitachi groupmax groupware server 07.30_d
    hitachi groupmax groupware server 07.32
    hitachi groupmax groupware server 07.32
    hitachi groupmax groupware server 07.32
    hitachi groupmax groupware server 07.32
    hitachi groupmax groupware server 07.32_a
    hitachi groupmax groupware server 07.32_a
    hitachi groupmax groupware server 07.32_a
    hitachi groupmax groupware server 07.32_a
    hitachi groupmax scheduler server set 03 00
    hitachi groupmax scheduler server set 06-52
    hitachi groupmax server set 03-00
    hitachi groupmax server set 06-52
    hitachi groupmax groupware server *
    hitachi groupmax server set 03-00
    hitachi groupmax groupware server 07.00_f
    hitachi groupmax groupware server 07.00_g
    hitachi groupmax groupware server 07-10-_f
    hitachi groupmax groupware server 07-10-_g
    hitachi groupmax groupware server 07-20_g
    hitachi groupmax groupware server 07.00_f
    hitachi groupmax groupware server 07-00-_j
    hitachi groupmax groupware server 07-00-_k
    hitachi groupmax groupware server 07-00-_l
    hitachi groupmax groupware server 07.00_j
    hitachi groupmax groupware server 07.00_l
    hitachi groupmax groupware server 07.10_d
    hitachi groupmax groupware server 07.00_l
    hitachi groupmax groupware server 07.00_j
    hitachi groupmax groupware server 07.00_k
    hitachi groupmax groupware server 07.00_g
    hitachi groupmax groupware server 07.00_j
    hitachi groupmax groupware server 07.00_i
    hitachi groupmax groupware server 07.00_i
    hitachi groupmax groupware server 07.10_f
    hitachi groupmax groupware server 07.10_e
    hitachi groupmax groupware server 07.10_f
    hitachi groupmax groupware server 07.10_h
    hitachi groupmax groupware server 07.10_d
    hitachi groupmax groupware server 07.10_e
    hitachi groupmax groupware server 07.10_h
    hitachi groupmax groupware server 07.10_i
    hitachi groupmax groupware server 07.10_i
    hitachi groupmax groupware server 07.10_h
    hitachi groupmax groupware server 07.20_c
    hitachi groupmax groupware server 07.20_e
    hitachi groupmax groupware server 07.20_g
    hitachi groupmax groupware server 07.20_f
    hitachi groupmax groupware server 07.20_d
    hitachi groupmax groupware server 07.20_e
    hitachi groupmax groupware server 07.20_d
    hitachi groupmax groupware server 07.20_c
    hitachi groupmax groupware server 07.20_g
    hitachi groupmax groupware server 07.20_f
    hitachi groupmax groupware server 07.20_g
    hitachi groupmax groupware server 07.30_c
    hitachi groupmax groupware server 07.30_b
    hitachi groupmax groupware server 07.30_d
    hitachi groupmax groupware server 07.30_b
    hitachi groupmax groupware server 07.30_d
    hitachi groupmax groupware server 07.30_c
    hitachi groupmax groupware server 07.30_b
    hitachi groupmax groupware server 07.30_c
    hitachi groupmax groupware server 07.30_d
    hitachi groupmax groupware server 07.32_a
    hitachi groupmax groupware server 07.32
    hitachi groupmax groupware server 07.32
    hitachi groupmax groupware server 07.32_a
    hitachi groupmax groupware server 07.32
    hitachi groupmax groupware server 07.32_a
    hitachi groupmax groupware server 07.32
    hitachi groupmax groupware server 07.32_a
    hitachi groupmax server set 03-00
    hitachi groupmax server set 06-52
    hitachi groupmax scheduler server set 03 00
    hitachi groupmax scheduler server set 06-52