CVE-2019-13163
https://notcve.org/view.php?id=CVE-2019-13163
The Fujitsu TLS library allows a man-in-the-middle attack. This affects Interstage Application Development Cycle Manager V10 and other versions, Interstage Application Server V12 and other versions, Interstage Business Application Manager V2 and other versions, Interstage Information Integrator V11 and other versions, Interstage Job Workload Server V8, Interstage List Works V10 and other versions, Interstage Studio V12 and other versions, Interstage Web Server Express V11, Linkexpress V5, Safeauthor V3, ServerView Resource Orchestrator V3, Systemwalker Cloud Business Service Management V1, Systemwalker Desktop Keeper V15, Systemwalker Desktop Patrol V15, Systemwalker IT Change Manager V14, Systemwalker Operation Manager V16 and other versions, Systemwalker Runbook Automation V15 and other versions, Systemwalker Security Control V1, and Systemwalker Software Configuration Manager V15. La biblioteca Fujitsu TLS permite un ataque de tipo man-in-the-middle. Esto afecta a Interstage Application Development Cycle Manager versión V10 y otras versiones, Interstage Application Server versión V12 y otras versiones, Interstage Business Application Manager versión V2 y otras versiones, Interstage Information Integrator versión V11 y otras versiones, Interstage Job Workload Server versión V8, Interstage List Works versión V10 y otras versiones , Interstage Studio versión V12 y otras versiones, Interstage Web Server Express versión V11, Linkexpress versión V5, Safeauthor versión V3, ServerView Resource Orchestrator versión V3, Systemwalker Cloud Business Service Management versión V1, Systemwalker Desktop Keeper versión V15, Systemwalker Desktop Patrol versión V15, Systemwalker IT Change Manager versión V14, Systemwalker Operation Manager versión V16 y otras versiones, Systemwalker Runbook Automation versión V15 y otras versiones, Systemwalker Security Control versión V1 y Systemwalker Software Configuration Manager versión V15. • https://www.fujitsu.com/jp/products/software/resources/condition/security/products-fujitsu/solution/interstage-systemwalker-tls-202001.html • CWE-326: Inadequate Encryption Strength •
CVE-2008-1040
https://notcve.org/view.php?id=CVE-2008-1040
Buffer overflow in the Single Sign-On function in Fujitsu Interstage Application Server 8.0.0 through 8.0.3 and 9.0.0, Interstage Studio 8.0.1 and 9.0.0, and Interstage Apworks 8.0.0 allows remote attackers to execute arbitrary code via a long URI. Desbordamiento de búfer en la función Single Sign-On de Fujitsu Interstage Application Server 8.0.0 hasta 8.0.3 y 9.0.0, Interstage Studio 8.0.1 y 9.0.0, y Interstage Apworks 8.0.0 permite a atacantes remotos ejecutar código de su elección a través de una URI larga. • http://secunia.com/advisories/29088 http://www.fujitsu.com/global/support/software/security/products-f/interstage-200804e.html http://www.securityfocus.com/bid/27966 http://www.vupen.com/english/advisories/2008/0662 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-5366
https://notcve.org/view.php?id=CVE-2007-5366
The Tomcat 4.1-based Servlet Service in Fujitsu Interstage Application Server 7.0 through 9.0.0 and Interstage Apworks/Studio 7.0 through 9.0.0 allows remote attackers to obtain sensitive information (web root path) via unspecified vectors that trigger an error message, probably related to enabling the useCanonCaches Java Virtual Machine (JVM) option. El Tomcat 4.1-based Servlet Service en Fujitsu Interstage Application Server 7.0 hasta la 9.0.0 y Interstage Apworks/Studio 7.0 hasta la 9.0.0 permite a atacantes remotos obtener información sensible (ruta del raíz web) a través de vectores no especificados que disparan un mensaje de error, probablemente relacionado con el permiso de la opción useCanonCaches Java Virtual Machine (JVM). • http://osvdb.org/41318 http://secunia.com/advisories/27136 http://www.fujitsu.com/global/support/software/security/products-f/interstage-200705e.html http://www.securityfocus.com/bid/25988 https://exchange.xforce.ibmcloud.com/vulnerabilities/37026 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •