Overview
- Description
- Fujitsu Software Infrastructure Manager (ISM) stores sensitive information at the product's maintenance data (ismsnap) in cleartext form. As a result, the password for the proxy server that is configured in ISM may be retrieved. Affected products and versions are as follows: Fujitsu Software Infrastructure Manager Advanced Edition V2.8.0.060, Fujitsu Software Infrastructure Manager Advanced Edition for PRIMEFLEX V2.8.0.060, and Fujitsu Software Infrastructure Manager Essential Edition V2.8.0.060.
- Source
- vultures@jpcert.or.jp
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
Weaknesses
- nvd@nist.gov
- CWE-312
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fujitsu:software_infrastructure_manager:2.8.0.060:*:*:*:advanced:-:*:*",
"vulnerable": true,
"matchCriteriaId": "EAED8D54-C6FD-45B0-93BB-C2CA9AD9161F"
},
{
"criteria": "cpe:2.3:a:fujitsu:software_infrastructure_manager:2.8.0.060:*:*:*:advanced:primeflex:*:*",
"vulnerable": true,
"matchCriteriaId": "46473D49-C265-48D1-B903-DBE760EB16AA"
},
{
"criteria": "cpe:2.3:a:fujitsu:software_infrastructure_manager:2.8.0.060:*:*:*:essential:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7F48F74F-D51E-4DFA-8636-E239E6A425C9"
}
],
"operator": "OR"
}
]
}
]