FUJITSU Software has released security patches to fix multiple critical vulnerabilities in their ID Link Manager and TIME CREATOR products. These vulnerabilities, if exploited, could allow an unauthenticated remote attacker to access sensitive information on the target server.
The vulnerabilities, tracked as CVE-2024-33620, CVE-2024-33622 and CVE-2024-33624, include path traversal, missing authentication, and information disclosure flaws. They could allow unauthorized remote attackers to gain access to sensitive information stored on servers, manipulate databases, and even enumerate valid usernames.
Products Affected
The affected products include various versions of FUJITSU Business Application ID Link Manager II, FUJITSU Software ID Link Manager, FUJITSU Software TIME CREATOR ID Link Manager, and the FUJITSU Software TIME CREATOR ID Link Manager SaaS offering. Customers using these products are strongly advised to apply the relevant patches as soon as possible to fortify their systems against potential exploitation.
CVE-2024-33620
FUJITSU Business Application ID Link Manager II V1.8 and earlier
FUJITSU Software ID Link Manager V2.0
FUJITSU Software TIME CREATOR ID Link Manager V2.3.0, V2.3.1, V2.4, V2.5, V2.6, V2.7
FUJITSU Software TIME CREATOR ID Link Manager V3.0, V3.0.2, V3.0.2.1, V3.0.3
CVE-2024-33622 and CVE-2024-34024
FUJITSU Business Application ID Link Manager II V1.8 and earlier
FUJITSU Software ID Link Manager V2.0
FUJITSU Software TIME CREATOR ID Link Manager V2.3.0, V2.3.1, V2.4, V2.5, V2.6, V2.7
FUJITSU Software TIME CREATOR ID Link Manager V3.0, V3.0.2, V3.0.2.1, V3.0.3
FUJITSU Software TIME CREATOR ID Link Manager SaaS (Versions before the maintenance on June 16, 2024)
The Solution
FUJITSU Software recommends applying patches to the affected products. For ID Link Manager and TIME CREATOR, apply the patches according to the information provided by the vendor. For TIME CREATOR SaaS users, the issues are fixed with the update on June 16, 2024.