Published:2026/01/19  Last Updated:2026/01/19

JVNVU#94305241
ETERNUS SF vulnerable to insertion of sensitive information into maintenance data

Overview

ETERNUS SF provided by Fsas Technologies Inc. contains an insertion of sensitive information into maintenance data vulnerability.

Products Affected

  • Solaris 10/ 11
    • ETERNUS SF AdvancedCopy Manager Standard Edition versions 16.8/ 16.9/ 16.9.1
    • ETERNUS SF Storage Cruiser versions 16.8/ 16.9/ 16.9.1
  • RHEL 7/ 8/ 9
    • ETERNUS SF AdvancedCopy Manager Standard Edition versions 16.8/ 16.9/ 16.9.1
    • ETERNUS SF Express versions 16.8/ 16.9/ 16.9.1
    • ETERNUS SF Storage Cruiser versions 16.8/ 16.9/ 16.9.1
  • Windows Server 2016/ 2019/ 2022
    • ETERNUS SF AdvancedCopy Manager Standard Edition versions 16.8/ 16.9/ 16.9.1
    • ETERNUS SF Express versions 16.8/ 16.9/ 16.9.1
    • ETERNUS SF Storage Cruiser versions 16.8/ 16.9/ 16.9.1

Description

ETERNUS SF provided by Fsas Technologies Inc. contains the following vulnerability.

  • Insertion of sensitive information into maintenance data (CWE-532)
    • CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N Base Score 4.3
    • CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N Base Score 5.6
    • CVE-2025-68919

Impact

Sensitive information may be obtainedby an attacker who has access to the product's maintenance data.

Solution

Apply the Patch
Apply the patch according to the information provided by the developer.

Vendor Status

Vendor Status Last Update Vendor Notes
Fsas Technologies Inc. Vulnerable 2026/01/19 Fsas Technologies Inc. website

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Fsas Technologies Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia