Vulnerability-Lookup - Search a vulnerability

Refine your search

Product

Sort by

Order

Sources

1 vulnerability found for DataSpider Servista by SAISON INFORMATION SYSTEMS CO.,LTD.

jvndb-2023-000052

Vulnerability from jvndb

Published

2023-05-31 15:34

Modified

2024-03-19 17:44

Severity ?

5.3 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

DataSpider Servista uses a hard-coded cryptographic key

Details

DataSpider Servista provided by SAISON INFORMATION SYSTEMS CO.,LTD. is a data integration software. ScriptRunner and ScriptRunner for Amazon SQS are used to start the configured processes on DataSpider Servista. The cryptographic key is embedded in ScriptRunner and ScriptRunner for Amazon SQS, which is common to all users (CWE-321). Sato Nobuhiro of Suzuki Motor Corporation and You Okuma of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	https://jvn.jp/en/jp/JVN38222042/index.html
	CVE	https://www.cve.org/CVERecord?id=CVE-2023-28937
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-28937
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

SAISON INFORMATION SYSTEMS CO.,LTD.

DataSpider Servista

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000052.html",
  "dc:date": "2024-03-19T17:44+09:00",
  "dcterms:issued": "2023-05-31T15:34+09:00",
  "dcterms:modified": "2024-03-19T17:44+09:00",
  "description": "DataSpider Servista provided by SAISON INFORMATION SYSTEMS CO.,LTD. is a data integration software. ScriptRunner and ScriptRunner for Amazon SQS are used to start the configured processes on DataSpider Servista.\r\nThe cryptographic key is embedded in ScriptRunner and ScriptRunner for Amazon SQS, which is common to all users (CWE-321).\r\n\r\nSato Nobuhiro of Suzuki Motor Corporation and You Okuma of LAC Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000052.html",
  "sec:cpe": {
    "#text": "cpe:/a:saison:dataspider_servista",
    "@product": "DataSpider Servista",
    "@vendor": "SAISON INFORMATION SYSTEMS CO.,LTD.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "5.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
      "@version": "2.0"
    },
    {
      "@score": "5.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2023-000052",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN38222042/index.html",
      "@id": "JVN#38222042",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-28937",
      "@id": "CVE-2023-28937",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-28937",
      "@id": "CVE-2023-28937",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "DataSpider Servista uses a hard-coded cryptographic key"
}