Info

Disclosure

Feb 13, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

BLC contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to unspecified script(s) not properly sanitizing user-supplied input to unspecified variable(s). This may allow an attacker to inject or manipulate SQL queries in the back-end database.

Classification

Location: Remote / Network Access
Attack Type: Information Disclosure, Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Unknown
OSVDB: Web Related

Solution

Upgrade to version 03-01 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Hitachi	Business Logic Container	03-00-/B for Windows
		03-00-/B for Linux
		03-00-/A for Linux
		03-00 for Linux
		03-00-/A for Windows
		03-00 for Windows
		02-03 for Windows
		02-04 for Windows
		02-05 for Windows
		02-06 for Windows
		02-07 for Windows
		02-08 for Windows
		02-09 for Windows

References

Bugtraq ID: 16602
Secunia Advisory ID: 18817
CVE ID: 2006-0772 (see also: NVD)
Related OSVDB ID: 23098
ISS X-Force ID: 23877
VUPEN Advisory: ADV-2006-0532
Keyword: HS06-002-01
Packet Storm: http://packetstormsecurity.org/0602-advisories/sa18817.txt
Vendor Specific Advisory URL: http://www.hitachi-support.com/security_e/vuls_e/HS06-002_e/index-e.html

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/23099