Incorrect Default Permissions in ETERNUS SF by Fujitsu Technologies
CVE-2025-62577
Key Information:
What is CVE-2025-62577?
ETERNUS SF provided by Fujitsu Technologies contains an incorrect default permissions vulnerability. This flaw allows a low-privileged user with access to the management server to potentially obtain sensitive database credentials. If exploited, this could enable the execution of operating system commands with elevated privileges, posing a significant risk to the integrity and security of the management environment. Users of this product are advised to review their permission settings and ensure appropriate access controls are enforced.
Affected Version(s)
ETERNUS SF AdvancedCopy Manager Standard Edition (for RHEL 7/ 8/ 9) 16.2/ 16.3/ 16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1
ETERNUS SF AdvancedCopy Manager Standard Edition (for Solaris 10/ 11) 15.0/ 15.1/ 15.2/ 15.3/ 16.0/ 16.1/ 16.2/ 16.3/ 16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1
ETERNUS SF AdvancedCopy Manager Standard Edition (for Windows Server 2016/ 2019/ 2022) 16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1
References
CVSS V4
CVSS V3.0
Timeline
Vulnerability published
Vulnerability Reserved