Systemwalker Centric Manager Open Monitoring: SQL injection vulnerabilities (CVE-2016-10134). May 22nd, 2017
1. Description
In the Zabbix bundled Systemwalker Centric Manager Open Monitoring, new SQL injection vulnerabilities(CVE-2016-10134) have been confirmed.
Fujitsu provides security patches shown in 3.
Please apply them as soon as possible.
2. Impact
For the Zabbix bundled with Systemwalker Centric Manager Open Monitoring, an SQL command may be executed.
For a severity assessment of this vulnerability, see CVE information in "4. Related information".
3. Affected systems and corresponding action
3-1. Affected systems:
PRIMERGY, PRIMEQUEST
3-2. Affected products and required patch
Products | Version | Target OS | Package name | Patch ID. |
---|---|---|---|---|
Systemwalker Centric Manager Open Monitoring | V15.1.0 | RHEL5(x86) | FJSVzbx | T011016LP-02 |
Systemwalker Centric Manager Open Monitoring | V15.1.0 | RHEL5(Intel64) | FJSVzbx | T011017LP-02 |
Systemwalker Centric Manager Open Monitoring | V15.1.0 | RHEL6(x86) | FJSVzbx | T011018LP-02 |
Systemwalker Centric Manager Open Monitoring | V15.1.0 | RHEL6(Intel64)/ 7(Intel64) | FJSVzbx | T011019LP-02 |
Systemwalker Centric Manager Open Monitoring | V15.1.1 | RHEL5(x86) | FJSVzbx | T013819LP-01 |
Systemwalker Centric Manager Open Monitoring | V15.1.1 | RHEL5(Intel64) | FJSVzbx | T013820LP-01 |
Systemwalker Centric Manager Open Monitoring | V15.1.1 | RHEL6(x86) | FJSVzbx | T013821LP-01 |
Systemwalker Centric Manager Open Monitoring | V15.1.1 | RHEL6(Intel64)/ 7(Intel64) | FJSVzbx | T013822LP-01 |
Systemwalker Centric Manager Open Monitoring | V15.2.0 | RHEL5(x86) | FJSVzbx | T013819LP-01 |
Systemwalker Centric Manager Open Monitoring | V15.2.0 | RHEL5(Intel64) | FJSVzbx | T013820LP-01 |
Systemwalker Centric Manager Open Monitoring | V15.2.0 | RHEL6(x86) | FJSVzbx | T013821LP-01 |
Systemwalker Centric Manager Open Monitoring | V15.2.0 | RHEL6(Intel64)/ 7(Intel64) | FJSVzbx | T013822LP-01 |
Note: Determining the affected product
Execute the following command in the console window: #/opt/FJSVftlz/bin/swpkginfo
3-3. Workaround
None.
4. Related information
5. Revision history
- May 22nd, 2017: Initial release