FUJITSU Software Fixes Multiple Critical Vulnerabilities

Estimated read time 2 min read

FUJITSU Software has released security patches to fix multiple critical vulnerabilities in their ID Link Manager and TIME CREATOR products. These vulnerabilities, if exploited, could allow an unauthenticated remote attacker to access sensitive information on the target server.

The vulnerabilities, marked as CVE-2024-33620, CVE-2024-33622 and CVE-2024-33624, which include path traversal, missing authentication, and information disclosure flaws, could potentially allow unauthorized remote attackers to gain access to sensitive information stored on servers, manipulate databases, and even enumerate valid usernames.

Products Affected

The affected products include various versions of FUJITSU Business Application ID Link Manager II, FUJITSU Software ID Link Manager, FUJITSU Software TIME CREATOR ID Link Manager, and the FUJITSU Software TIME CREATOR ID Link Manager SaaS offering. Customers using these products are strongly advised to apply the relevant patches as soon as possible to fortify their systems against potential exploitation.

CVE-2024-33620

FUJITSU Business Application ID Link Manager II V1.8 and earlier
FUJITSU Software ID Link Manager V2.0
FUJITSU Software TIME CREATOR ID Link Manager V2.3.0, V2.3.1, V2.4, V2.5, V2.6, V2.7
FUJITSU Software TIME CREATOR ID Link Manager V3.0, V3.0.2, V3.0.2.1, V3.0.3

CVE-2024-33622 and CVE-2024-34024

FUJITSU Business Application ID Link Manager II V1.8 and earlier
FUJITSU Software ID Link Manager V2.0
FUJITSU Software TIME CREATOR ID Link Manager V2.3.0, V2.3.1, V2.4, V2.5, V2.6, V2.7
FUJITSU Software TIME CREATOR ID Link Manager V3.0, V3.0.2, V3.0.2.1, V3.0.3
FUJITSU Software TIME CREATOR ID Link Manager SaaS (Versions before the maintenance on June 16, 2024)

The Solution

FUJITSU Software recommends applying patches to the affected products. For ID Link Manager and TIME CREATOR, apply the patches according to the information provided by the vendor. For TIME CREATOR SaaS users, the issues are fixed with the update on June 16, 2024.

June Bauer

Pop cultureaholic, Technology expert, Web fanatic and a Social media geek. If you have any questions or comments please feel free to email her at june@thecoinspost.com or contact her on X @JuneTBauer1

You May Also Like

More From Author