CVE-2006-2517

SQL injection vulnerability in MyWeb Portal Office, Standard Edition, Public Edition, Medical Edition, Citizen Edition, School Edition, and Light Edition allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/20178	Patch Vendor Advisory
http://securitytracker.com/id?1016133
http://www.myweb-jp.com/support/tech/tech_common_013.html
http://www.vupen.com/english/advisories/2006/1898
https://exchange.xforce.ibmcloud.com/vulnerabilities/26622

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:fujitsu:myweb_portal_office:::citizen:::::*
	cpe:2.3:a:fujitsu:myweb_portal_office:::light:::::*
	cpe:2.3:a:fujitsu:myweb_portal_office:::medical:::::*
	cpe:2.3:a:fujitsu:myweb_portal_office:::public:::::*
	cpe:2.3:a:fujitsu:myweb_portal_office:::school:::::*
	cpe:2.3:a:fujitsu:myweb_portal_office:::standard:::::*

History

No history.

Information

Published : 2006-05-22 22:02

Updated : 2023-12-10 10:28

NVD link : CVE-2006-2517

Mitre link : CVE-2006-2517

CVE.ORG link : CVE-2006-2517

JSON object : View

Products Affected

fujitsu

myweb_portal_office

CWE

NVD-CWE-Other

{"id": "CVE-2006-2517", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-05-22T22:02:00.000", "references": [{"url": "http://secunia.com/advisories/20178", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1016133", "source": "cve@mitre.org"}, {"url": "http://www.myweb-jp.com/support/tech/tech_common_013.html", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/1898", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26622", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in MyWeb Portal Office, Standard Edition, Public Edition, Medical Edition, Citizen Edition, School Edition, and Light Edition allows remote attackers to execute arbitrary SQL commands via unknown attack vectors."}], "lastModified": "2017-07-20T01:31:33.177", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fujitsu:myweb_portal_office:*:*:citizen:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FFC925FC-ED55-4772-A5DC-9A0CD9C7DC9F"}, {"criteria": "cpe:2.3:a:fujitsu:myweb_portal_office:*:*:light:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "103183F1-C8AA-4173-9428-10BEE08CCDFE"}, {"criteria": "cpe:2.3:a:fujitsu:myweb_portal_office:*:*:medical:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "715E759F-84CE-4F26-BF05-DA00ADC4122F"}, {"criteria": "cpe:2.3:a:fujitsu:myweb_portal_office:*:*:public:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2FF8EBF7-B37D-446F-A358-4490721D1017"}, {"criteria": "cpe:2.3:a:fujitsu:myweb_portal_office:*:*:school:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B13FFDAD-0F8E-4420-BF49-EB331A9A2D1A"}, {"criteria": "cpe:2.3:a:fujitsu:myweb_portal_office:*:*:standard:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C2599E9-A8E3-4E2D-AB3A-F49EAA919220"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}