[Original text] Multiple SQL injection vulnerabilities in Hitachi Business Logic - Container (BLC) P-2443-9114 01-00 through 02-06 on Windows, and P-1M43-9111 01-01 through 02-00 on AIX, allow remote attackers to execute arbitrary SQL commands via unknown attack vectors in an unspecified input form.
Hitachi Business Logic Container (BLC) Unspecified Input Form SQL Injection
Remote / Network Access
Loss of Confidentiality, Loss of Integrity
Business Logic Container contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to an unspecified input form not properly sanitizing user-supplied parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
For BLC on Windows, upgrade to version 3-00 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
For BLC on AIX, Hitachi requires users to contact their support service.