製品・ソフトウェアに関する情報

JVN脆弱性詳細

BMC Remedy Action Request System における有効なアカウント名を特定される脆弱性

Title	BMC Remedy Action Request System における有効なアカウント名を特定される脆弱性
Summary	BMC Remedy Action Request System は、無効なユーザログイン試行ではなく、有効なユーザのログイン試行に対して異なるエラーを生成するため、有効なアカウント名を特定される脆弱性が存在します。
Possible impacts	第三者により、有効なアカウント名を特定される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Jan. 17, 2007, midnight
Registration Date	June 26, 2012, 3:46 p.m.
Last Update	June 26, 2012, 3:46 p.m.

Affected System

BMC Software

Remedy AR System Server 5.01.02 Patch 1267

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2007-0310	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0310
National Vulnerability Database (NVD)
2	CVE-2007-0310	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0310

ベンダー情報

No	Name	URL
BMC
1	Top Page	http://www.bmc.com/

Change Log

No	Changed Details	Date of change
0	[2012年06月26日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2007-0310

Summary	BMC Remedy Action Request System 5.01.02 Patch 1267 generates different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to determine valid account names.
Summary	BMC Remedy Action Request System 5.01.02 Patch 1267 genera diversos mensajes de error para las tentativas falladas de conexión con un username válido que para éstos con un username inválido, lo que permite que los atacantes remotos que determinen nombres de usuario válidos.
Publication Date	Jan. 18, 2007, 9:28 a.m.
Registration Date	Jan. 29, 2021, 2:05 p.m.
Last Update	April 23, 2026, 9:35 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:bmc:remedy_action_request_system:5.01.02_patch_1267:::::::*

Related information, measures and tools

No	URL	refsource
1	http://osvdb.org/31658	cve@mitre.org
2	http://secunia.com/advisories/23775	cve@mitre.org
3	http://securityreason.com/securityalert/2162	cve@mitre.org
4	http://securitytracker.com/id?1017515	cve@mitre.org
5	http://www.alighieri.org/advisories/advisory-remedy50102.txt	cve@mitre.org
6	http://www.securityfocus.com/archive/1/456949/100/0/threaded	cve@mitre.org
7	http://www.securityfocus.com/archive/1/457078/100/0/threaded	cve@mitre.org
8	http://www.securityfocus.com/bid/22066	cve@mitre.org
9	http://www.vupen.com/english/advisories/2007/0204	cve@mitre.org
10	https://exchange.xforce.ibmcloud.com/vulnerabilities/31527	cve@mitre.org
11	http://osvdb.org/31658	af854a3a-2127-422b-91ae-364da2661108
12	http://secunia.com/advisories/23775	af854a3a-2127-422b-91ae-364da2661108
13	http://securityreason.com/securityalert/2162	af854a3a-2127-422b-91ae-364da2661108
14	http://securitytracker.com/id?1017515	af854a3a-2127-422b-91ae-364da2661108
15	http://www.alighieri.org/advisories/advisory-remedy50102.txt	af854a3a-2127-422b-91ae-364da2661108
16	http://www.securityfocus.com/archive/1/456949/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
17	http://www.securityfocus.com/archive/1/457078/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
18	http://www.securityfocus.com/bid/22066	af854a3a-2127-422b-91ae-364da2661108
19	http://www.vupen.com/english/advisories/2007/0204	af854a3a-2127-422b-91ae-364da2661108
20	https://exchange.xforce.ibmcloud.com/vulnerabilities/31527	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List