Published: 2025/10/20  Last Updated: 2025/10/20

JVN#44266462
ETERNUS SF vulnerable to incorrect default permissions

Overview

ETERNUS SF provided by Fsas Technologies Inc. contains an incorrect default permissions vulnerability.

Products Affected

  • For Solaris 10/ 11
    • ETERNUS SF AdvancedCopy Manager Standard Edition versions 15.0/ 15.1/ 15.2/ 15.3/ 16.0/ 16.1/ 16.2/ 16.3/ 16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1
    • ETERNUS SF Storage Cruiser versions 15.0/ 15.1/ 15.2/ 15.3/ 16.0/ 16.1/ 16.2/ 16.3/ 16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1
  • For RHEL 7/ 8/ 9
    • ETERNUS SF AdvancedCopy Manager Standard Edition versions 16.2/ 16.3/ 16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1
    • ETERNUS SF Express versions 16.2/ 16.3/ 16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1
    • ETERNUS SF Storage Cruiser versions 16.2/ 16.3/ 16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1
  • For Windows Server 2016/ 2019/ 2022
    • ETERNUS SF AdvancedCopy Manager Standard Edition versions 16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1
    • ETERNUS SF Express versions 16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1
    • ETERNUS SF Storage Cruiser versions 16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1

Description

ETERNUS SF provided by Fsas Technologies Inc. contains the following vulnerability.

  • Incorrect default permissions (CWE-276)
    • CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H Base Score 8.4
    • CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Base Score 8.8
    • CVE-2025-62577

Impact

A low-privileged user with access to the management server may obtain database credentials, potentially allowing execution of OS commands with administrator privileges.

Solution

Apply the Patch
Apply the patch according to the information provided by the developer.

Vendor Status

| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| Fsas Technologies Inc. | Vulnerable | 2025/10/20 | Fsas Technologies Inc. website |

Credit

Fsas Technologies Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Fsas Technologies Inc. coordinated under the Information Security Early Warning Partnership.

Other Information

CVE: CVE-2025-62577
JVN iPedia: JVNDB-2025-000092