Multiple vulnerabilities in multiple vendor implementations of the Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol allow remote attackers to cause a denial of service and possibly execute arbitrary code via an S/MIME email message containing certain unexpected ASN.1 constructs, as demonstrated using the NISSC test suite.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | pki_runtime_library | * |
| hitachi | groupmax_mail_-_security_option | 6.0 |
The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm".
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | cosminexus_enterprise | 01_02_2 |
| hitachi | cosminexus_server | web_01-01_1 |
| macromedia | coldfusion | 6.1 |
| macromedia | jrun | 4.0 |
| macromedia | coldfusion | 6.0 |
| hitachi | cosminexus_enterprise | 01_01_1 |
| hitachi | cosminexus_server | web_01-01_2 |
| macromedia | jrun | 3.1 |
| macromedia | jrun | 3.0 |
JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user's HTTP session.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | cosminexus_enterprise | 01_02_2 |
| hitachi | cosminexus_server | web_01-01_1 |
| macromedia | coldfusion | 6.1 |
| macromedia | jrun | 4.0 |
| macromedia | coldfusion | 6.0 |
| hitachi | cosminexus_enterprise | 01_01_1 |
| hitachi | cosminexus_server | web_01-01_2 |
| macromedia | jrun | 3.1 |
| macromedia | jrun | 3.0 |
Hitachi Job Management Partner (JP1) JP1/File Transmission Server/FTP 6 and 7 allows remote attackers to cause a denial of service (daemon halt) via a port scan involving reset packets.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | jp1_p-1j41-9471 | 07_00 |
| hitachi | jp1_p-1j41-9471 | 07_10_a |
| hitachi | jp1_p-1b41-9461 | 06_00_h |
| hitachi | jp1_p-1b41-9471 | 07_10_a |
| hitachi | jp1_p-1b41-9471 | 07_10 |
| hitachi | jp1_p-1b41-9461 | 06_01_d |
| hitachi | jp1_p-1b41-9471 | 07_00_a |
| hitachi | jp1_p-1j41-9471 | 07_10 |
| hitachi | jp1_p-1b41-9461 | 06_02-b |
| hitachi | jp1_p-1b41-9461 | 06_02_c |
Unknown vulnerability in Hitachi Job Management Partner (JP1) JP1/File Transmission Server/FTP 6 and 7, when running on HP-UX in trusted mode, allows attackers to bypass authentication and gain administrator rights.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | jp1_p-1j41-9471 | 07_00 |
| hitachi | jp1_p-1j41-9471 | 07_10_a |
| hitachi | jp1_p-1b41-9461 | 06_00_h |
| hitachi | jp1_p-1b41-9471 | 07_10_a |
| hitachi | jp1_p-1b41-9471 | 07_10 |
| hitachi | jp1_p-1b41-9461 | 06_01_d |
| hitachi | jp1_p-1b41-9471 | 07_00_a |
| hitachi | jp1_p-1j41-9471 | 07_10 |
| hitachi | jp1_p-1b41-9461 | 06_02-b |
| hitachi | jp1_p-1b41-9461 | 06_02_c |
Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web (GmaxWWW) Desktop 5, 6, and Desktop for Jichitai 6, allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | groupmax_world_wide_web_desktop | 06_00 |
| hitachi | groupmax_world_wide_web_desktop | 05_11_i |
| hitachi | groupmax_world_wide_web_desktop | 06_51 |
| hitachi | groupmax_world_wide_web_desktop | 06_51_c |
| hitachi | groupmax_world_wide_web_desktop | 06_50_c |
| hitachi | groupmax_world_wide_web_desktop | 06_50_b |
| hitachi | groupmax_world_wide_web_desktop | 06_52_b |
| hitachi | groupmax_world_wide_web_desktop | 05_00 |
| hitachi | groupmax_world_wide_web_desktop | 05_11_j |
| hitachi | groupmax_world_wide_web_desktop | 06_51_b |
| hitachi | groupmax_world_wide_web_desktop | 05_11_f |
| hitachi | groupmax_world_wide_web_desktop | 06_52 |
Directory traversal vulnerability in Groupmax World Wide Web (GmaxWWW) 2 and 3, and Desktop 5, 6, and Desktop for Jichitai allows remote authenticated users to read arbitrary .html files via the template name parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | groupmax_world_wide_web | 02_31_i |
| hitachi | groupmax_world_wide_web | 3 |
| hitachi | groupmax_world_wide_web | 02_20 |
| hitachi | groupmax_world_wide_web_desktop | 06_00 |
| hitachi | groupmax_world_wide_web_desktop | 06_51 |
| hitachi | groupmax_world_wide_web_desktop | 06_51_c |
| hitachi | groupmax_world_wide_web_desktop | 6 |
| hitachi | groupmax_world_wide_web_desktop | 06_50_b |
| hitachi | groupmax_world_wide_web | 02_00 |
| hitachi | groupmax_world_wide_web_desktop | 05_11_j |
| hitachi | groupmax_world_wide_web_desktop | 06_51_b |
| hitachi | groupmax_world_wide_web | 03_10_h |
| hitachi | groupmax_world_wide_web | 2 |
| hitachi | groupmax_world_wide_web_desktop | 05_11_f |
| hitachi | groupmax_world_wide_web | 03_00 |
| hitachi | groupmax_world_wide_web | 02_20_a |
| hitachi | groupmax_world_wide_web_desktop | gold |
| hitachi | groupmax_world_wide_web_desktop | 05_11_i |
| hitachi | groupmax_world_wide_web | 03_11_b |
| hitachi | groupmax_world_wide_web_desktop | 06_50_c |
| hitachi | groupmax_world_wide_web_desktop | 06_52_b |
| hitachi | groupmax_world_wide_web_desktop | 05_00 |
| hitachi | groupmax_world_wide_web_desktop | 5 |
| hitachi | groupmax_world_wide_web_desktop | 06_52 |
Cross-site scripting (XSS) vulnerability in the error handler in Hitachi Web Page Generator and Web Page Generator Enterprise 4.01 and earlier, when using the default error template and debug mode is set to ON, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | web_page_generator_enterprise | 03_02_c |
| hitachi | web_page_generator_enterprise | 04_00 |
| hitachi | web_page_generator_enterprise | 04_01_b |
| hitachi | web_page_generator | 01_01_c |
| hitachi | web_page_generator | 02_00 |
| hitachi | web_page_generator_enterprise | 03_00 |
| hitachi | web_page_generator | 01_00 |
| hitachi | web_page_generator | 02_00_c |
| hitachi | web_page_generator_enterprise | 04_00_c |
| hitachi | web_page_generator_enterprise | 03_03_c |
| hitachi | web_page_generator_enterprise | 03_03 |
| hitachi | web_page_generator_enterprise | 04_01 |
| hitachi | web_page_generator_enterprise | 03_03_d |
Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cisco | secure_access_control_server | 3.2(1) |
| cisco | ciscoworks_common_management_foundation | 2.1 |
| cisco | sn_5428_storage_router | 3.3.2-k9 |
| cisco | call_manager | 3.1(3a) |
| cisco | sn_5420_storage_router_firmware | 1.1(4) |
| f5 | tmos | 9.0.5 |
| cisco | webns | 7.20_(03.09)s |
| alaxala | alaxala_networks | ax7800r |
| yamaha | rtx1500 | * |
| freebsd | freebsd | 2.2.8 |
| freebsd | freebsd | 4.2 |
| microsoft | windows_2003_server | standard |
| freebsd | freebsd | 4.0 |
| freebsd | freebsd | 3.2 |
| hitachi | gr3000 | * |
| f5 | tmos | 9.0.1 |
| cisco | secure_access_control_server | 3.3.1 |
| cisco | secure_access_control_server | 2.6.3 |
| cisco | content_services_switch_11500 | * |
| cisco | secure_access_control_server | 3.2.2 |
| cisco | support_tools | * |
| nortel | 7220_wlan_access_point | * |
| cisco | sn_5428_storage_router | 2-3.3.2-k9 |
| f5 | tmos | 4.5.12 |
| cisco | ciscoworks_vpn_security_management_solution | * |
| cisco | call_manager | 1.0 |
| cisco | ciscoworks_1105_hosting_solution_engine | * |
| freebsd | freebsd | 2.1.0 |
| cisco | content_services_switch_11501 | * |
| f5 | tmos | 4.0 |
| f5 | tmos | 4.6.2 |
| f5 | tmos | 4.5 |
| freebsd | freebsd | 2.2 |
| cisco | secure_access_control_server | 2.1 |
| cisco | ciscoworks_cd1 | 1st |
| freebsd | freebsd | 3.4 |
| freebsd | freebsd | 4.1.1 |
| nortel | universal_signaling_point | 5200 |
| freebsd | freebsd | 2.0.5 |
| openbsd | openbsd | 3.3 |
| freebsd | freebsd | 5.2.1 |
| nortel | universal_signaling_point | compact_lite |
| cisco | aironet_ap350 | * |
| cisco | sn_5428_storage_router | 3.3.1-k9 |
| cisco | intelligent_contact_manager | 5.0 |
| cisco | conference_connection | 1.2 |
| nortel | business_communications_manager | 1000 |
| cisco | secure_access_control_server | 2.6.4 |
| cisco | web_collaboration_option | * |
| cisco | secure_access_control_server | 3.3(1) |
| nortel | business_communications_manager | 400 |
| cisco | personal_assistant | 1.3(4) |
| cisco | ciscoworks_lms | 1.3 |
| microsoft | windows_2000 | * |
| yamaha | rtv700 | * |
| cisco | call_manager | 3.1(2) |
| cisco | secure_access_control_server | 3.2(2) |
| cisco | personal_assistant | 1.4(1) |
| cisco | e-mail_manager | * |
| nortel | succession_communication_server_1000 | * |
| openbsd | openbsd | 3.2 |
| cisco | webns | 7.10_(05.07)s |
| cisco | secure_access_control_server | 2.0 |
| nortel | survivable_remote_gateway | 1.0 |
| f5 | tmos | 4.3 |
| cisco | secure_access_control_server | 3.3 |
| openbsd | openbsd | 3.1 |
| cisco | unity_server | 2.3 |
| freebsd | freebsd | 3.1 |
| freebsd | freebsd | 3.5.1 |
| cisco | aironet_ap1200 | * |
| cisco | sn_5428_storage_router | 2.5.1-k9 |
| microsoft | windows_2003_server | standard_64-bit |
| cisco | content_services_switch_11150 | * |
| freebsd | freebsd | 2.2.3 |
| f5 | tmos | 4.5.9 |
| cisco | ip_contact_center_express | * |
| cisco | mgx_8230 | 1.2.11 |
| hitachi | gs4000 | * |
| cisco | content_services_switch_11503 | * |
| f5 | tmos | 9.0 |
| freebsd | freebsd | 5.0 |
| cisco | ciscoworks_cd1 | 4th |
| f5 | tmos | 4.5.11 |
| yamaha | rt105 | * |
| cisco | unity_server | 2.4 |
| cisco | call_manager | 4.0 |
| cisco | personal_assistant | 1.4(2) |
| cisco | sn_5420_storage_router_firmware | 1.1(7) |
| nortel | callpilot | 201i |
| nortel | business_communications_manager | 200 |
| cisco | ciscoworks_common_management_foundation | 2.0 |
| cisco | secure_access_control_server | 2.3.5.1 |
| freebsd | freebsd | 3.0 |
| cisco | call_manager | 3.2 |
| nortel | callpilot | 703t |
| cisco | secure_access_control_server | 3.2(3) |
| cisco | ciscoworks_cd1 | 5th |
| microsoft | windows_2003_server | web |
| cisco | unity_server | 4.0 |
| alaxala | alaxala_networks | ax5400s |
| nortel | callpilot | 200i |
| hitachi | gr4000 | * |
| cisco | call_manager | 2.0 |
| cisco | secure_access_control_server | 3.1.1 |
| cisco | ciscoworks_access_control_list_manager | 1.5 |
| cisco | webns | 7.20_(03.10)s |
| cisco | ciscoworks_common_management_foundation | 2.2 |
| cisco | ciscoworks_cd1 | 3rd |
| cisco | secure_access_control_server | 3.3.2 |
| f5 | tmos | 9.0.3 |
| f5 | tmos | 9.0.4 |
| freebsd | freebsd | 2.0 |
| cisco | unity_server | 3.1 |
| cisco | sn_5420_storage_router_firmware | 1.1(2) |
| cisco | webns | 7.30_(00.08)s |
| yamaha | rtx1100 | * |
| freebsd | freebsd | 5.1 |
| cisco | conference_connection | 1.1(1) |
| f5 | tmos | 4.6 |
| yamaha | rt57i | * |
| cisco | sn_5420_storage_router | * |
| freebsd | freebsd | 2.1.6 |
| nortel | callpilot | 702t |
| freebsd | freebsd | 2.1.5 |
| cisco | unity_server | 2.0 |
| cisco | mgx_8230 | 1.2.10 |
| cisco | personal_assistant | 1.3(3) |
| yamaha | rtx2000 | * |
| freebsd | freebsd | 5.4 |
| freebsd | freebsd | 4.7 |
| cisco | unity_server | 3.0 |
| microsoft | windows_xp | * |
| cisco | ciscoworks_cd1 | 2nd |
| freebsd | freebsd | 1.1.5.1 |
| cisco | secure_access_control_server | 3.1 |
| cisco | content_services_switch_11000 | * |
| freebsd | freebsd | 2.2.6 |
| cisco | secure_access_control_server | 2.6.2 |
| cisco | content_services_switch_11050 | * |
| freebsd | freebsd | 2.1.6.1 |
| cisco | meetingplace | * |
| cisco | sn_5420_storage_router_firmware | 1.1.3 |
| microsoft | windows_2003_server | r2 |
| freebsd | freebsd | 4.8 |
| freebsd | freebsd | 5.3 |
| freebsd | freebsd | 2.1.7.1 |
| cisco | remote_monitoring_suite_option | * |
| nortel | 7250_wlan_access_point | * |
| cisco | secure_access_control_server | 3.2.1 |
| freebsd | freebsd | 3.3 |
| freebsd | freebsd | 4.9 |
| cisco | ciscoworks_windows | * |
| cisco | webns | 7.30_(00.09)s |
| freebsd | freebsd | 5.2 |
| freebsd | freebsd | 4.4 |
| cisco | interactive_voice_response | * |
| nortel | ethernet_routing_switch_1624 | * |
| nortel | contact_center | * |
| openbsd | openbsd | 3.4 |
| freebsd | freebsd | 3.5 |
| cisco | secure_access_control_server | 2.5 |
| cisco | sn_5428_storage_router | 3.2.1-k9 |
| alaxala | alaxala_networks | ax7800s |
| cisco | ciscoworks_common_services | 2.2 |
| freebsd | freebsd | 4.3 |
| f5 | tmos | 4.4 |
| freebsd | freebsd | 4.6 |
| cisco | emergency_responder | 1.1 |
| cisco | personal_assistant | 1.3(1) |
| cisco | unity_server | 2.2 |
| cisco | secure_access_control_server | 3.0.1 |
| cisco | sn_5420_storage_router_firmware | 1.1(5) |
| cisco | sn_5428_storage_router | 3.2.2-k9 |
| cisco | call_manager | 3.3(3) |
| yamaha | rt300i | * |
| cisco | secure_access_control_server | 3.0.3 |
| cisco | ciscoworks_access_control_list_manager | 1.6 |
| cisco | call_manager | 3.1 |
| freebsd | freebsd | 4.10 |
| cisco | ip_contact_center_enterprise | * |
| cisco | ciscoworks_windows_wug | * |
| f5 | tmos | 4.5.6 |
| freebsd | freebsd | 2.2.2 |
| freebsd | freebsd | 4.11 |
| hitachi | alaxala | ax |
| f5 | tmos | 4.5.10 |
| cisco | mgx_8250 | 1.2.11 |
| cisco | secure_access_control_server | 2.3.6.1 |
| f5 | tmos | 4.2 |
| cisco | unity_server | 2.1 |
| f5 | tmos | 9.0.2 |
| freebsd | freebsd | 4.1 |
| openbsd | openbsd | 3.0 |
| cisco | sn_5428_storage_router | 2-3.3.1-k9 |
| openbsd | openbsd | 3.6 |
| cisco | secure_access_control_server | 3.0 |
| nortel | ethernet_routing_switch_1648 | * |
| microsoft | windows_2003_server | enterprise_64-bit |
| cisco | unity_server | 3.2 |
| openbsd | openbsd | 3.5 |
| cisco | secure_access_control_server | 3.2 |
| microsoft | windows_2003_server | enterprise |
| yamaha | rt250i | * |
| cisco | secure_access_control_server | 2.3 |
| cisco | call_manager | 3.3 |
| yamaha | rtx1000 | * |
| cisco | personal_assistant | 1.3(2) |
| freebsd | freebsd | 4.6.2 |
| cisco | content_services_switch_11800 | * |
| nortel | ethernet_routing_switch_1612 | * |
| cisco | secure_access_control_server | 2.6 |
| cisco | unity_server | 2.46 |
| nortel | optical_metro_5100 | * |
| freebsd | freebsd | 4.5 |
| cisco | secure_access_control_server | 2.42 |
| cisco | secure_access_control_server | 3.2(1.20) |
| cisco | content_services_switch_11506 | * |
| cisco | sn_5420_storage_router_firmware | 1.1(3) |
| cisco | secure_access_control_server | 2.4 |
| nortel | optical_metro_5000 | * |
| freebsd | freebsd | 2.2.5 |
| cisco | ciscoworks_1105_wireless_lan_solution_engine | * |
| cisco | unity_server | 3.3 |
| cisco | mgx_8250 | 1.2.10 |
| cisco | call_manager | 3.0 |
| cisco | agent_desktop | * |
| freebsd | freebsd | 2.2.4 |
| nortel | optical_metro_5200 | * |
The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
CVSS 2.0
Severity: LOW
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | cosminexus_application_server | 05_00_05_05_f |
| hitachi | cosminexus_application_server | 05_00_05_05_h |
| apache | tomcat | * |
| hitachi | cosminexus_application_server | 05_00_05_05_e |
| hitachi | cosminexus_application_server | 05_00_05_05_k |
Hitachi IP5000 VOIP WIFI Phone 1.5.6 has a hard-coded administrator password of "0000", which allows attackers with physical access to obtain sensitive information and modify the phone's configuration.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | ip5000_voip_wifi_phone | 1.5.6 |
The default index page in the HTTP server in Hitachi IP5000 VOIP WIFI Phone 1.5.6 lists sensitive information such as software versions.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | ip5000_voip_wifi_phone | 1.5.6 |
The default configuration of the HTTP server in Hitachi IP5000 VOIP WIFI Phone 1.5.6 does not require authentication for sensitive configuration pages, which allows remote attackers to modify configuration.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | ip5000_voip_wifi_phone | 1.5.4 |
| hitachi | ip5000_voip_wifi_phone | 1.5.8 |
| hitachi | ip5000_voip_wifi_phone | 1.5.2 |
| hitachi | ip5000_voip_wifi_phone | 1.5.6 |
| hitachi | ip5000_voip_wifi_phone | 1.5.0 |
| hitachi | ip5000_voip_wifi_phone | 1.5.10 |
| hitachi | ip5000_voip_wifi_phone | 1.5.5 |
The SNMP v1/v2c daemon in Hitachi IP5000 VOIP WIFI Phone 1.5.6 allows remote attackers to gain read or write access to system configuration using arbitrary SNMP credentials.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | ip5000_voip_wifi_phone | 1.5.4 |
| hitachi | ip5000_voip_wifi_phone | 1.5.8 |
| hitachi | ip5000_voip_wifi_phone | 2.0.0 |
| hitachi | ip5000_voip_wifi_phone | 1.5.2 |
| hitachi | ip5000_voip_wifi_phone | 1.5.6 |
| hitachi | ip5000_voip_wifi_phone | 1.5.0 |
| hitachi | ip5000_voip_wifi_phone | 1.5.10 |
| hitachi | ip5000_voip_wifi_phone | 1.5.5 |
Hitachi IP5000 VOIP WIFI Phone 1.5.6 does not allow the user to disable access to (1) SNMP or (2) TCP port 3390, which allows remote attackers to modify configuration using CVE-2005-3722, or access the Unidata Shell to obtain sensitive information or cause a denial of service.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | ip5000_voip_wifi_phone | 1.5.6 |
Multiple cross-site scripting (XSS) vulnerabilities in Hitachi Cosminexus Collaboration Portal 06-00 through 06-10-/B, Groupmax Collaboration Portal 07-00 through 07-10-/B, and Groupmax Collaboration Web Client 07-00 through 07-10-/A allow remote attackers to inject arbitrary web script or HTML via the (1) Schedule and (2) Calendar components.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | groupmax_collaboration_portal | 07_00 |
| hitachi | groupmax_collaboration_web_client | * |
| hitachi | cosminexus_collaboration_portal | * |
| hitachi | cosminexus_collaboration_portal | 06_00 |
| hitachi | groupmax_collaboration_web_client | 07_00 |
| hitachi | groupmax_collaboration_portal | * |
Unspecified vulnerability in Hitachi Cosminexus Collaboration Portal 06-00 through 06-10-/B, Groupmax Collaboration Portal 07-00 through 07-10-/B, and Groupmax Collaboration Web Client 07-00 through 07-10-/A allow remote attackers to cause a denial of service of unspecified impact via repeated invalid requests to the Schedule component.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | groupmax_collaboration_portal | 07_00 |
| hitachi | groupmax_collaboration_web_client | * |
| hitachi | cosminexus_collaboration_portal | * |
| hitachi | cosminexus_collaboration_portal | 06_00 |
| hitachi | groupmax_collaboration_web_client | 07_00 |
| hitachi | groupmax_collaboration_portal | * |
Hitachi Groupmax Mail SMTP 06-50 through 06-52-/A and 07-00 through 07-20 allows remote attackers to cause a denial of service (service stop) via an e-mail message with an "invalid format."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | groupmax_mail_smtp | 07_00 |
| hitachi | groupmax_mail_smtp | 06_50 |
| hitachi | groupmax_mail_smtp | * |
Multiple cross-site scripting (XSS) vulnerabilities in Hitachi Business Logic - Container (BLC) P-2443-9114 01-00 through 02-06 on Windows, and P-1M43-9111 01-01 through 02-00 on AIX, allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in an unspecified input form.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | business_logic | 1.0 |
| hitachi | business_logic | 1.1 |
| hitachi | business_logic | 2.0.6 |
| hitachi | business_logic | 2.0 |
Multiple SQL injection vulnerabilities in Hitachi Business Logic - Container (BLC) P-2443-9114 01-00 through 02-06 on Windows, and P-1M43-9111 01-01 through 02-00 on AIX, allow remote attackers to execute arbitrary SQL commands via unknown attack vectors in an unspecified input form.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | business_logic | 1.0 |
| hitachi | business_logic | 1.1 |
| hitachi | business_logic | 2.0.6 |
| hitachi | business_logic | 2.0 |
Multiple HTTP response splitting vulnerabilities in Hitachi Business Logic - Container (BLC) P-2443-9114 01-00 through 02-06 on Windows, and P-1M43-9111 01-01 through 02-00 on AIX, allow remote attackers to inject arbitrary HTTP headers via unknown attack vectors in an unspecified input form.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | business_logic | 1.0 |
| hitachi | business_logic | 1.1 |
| hitachi | business_logic | 2.0.6 |
| hitachi | business_logic | 2.0 |
Multiple unspecified vulnerabilities in the web utility function in Hitachi Cm2/Network Node Manager and JP1/Cm2/Network Node Manager before 20050930 allow attackers to execute arbitrary commands, disable services, and "exploit vulnerabilities."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | cm2-network_node_manager | unlimited |
| hitachi | jp1-cm2-network_node_manager_250 | 05_20 |
| hitachi | jp1-cm2-network_node_manager_250 | 06_00 |
| hitachi | cm2-network_node_manager | 05_00 |
| hitachi | jp1-cm2-network_node_manager_250 | 05_20_e |
| hitachi | cm2-network_node_manager | 250 |
SQL injection vulnerability in HITSENSER Data Mart Server BS, BS-S, BS-M, BS-L, and EX allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | hitsenser_data_mart_server | bs_l |
| hitachi | hitsenser_data_mart_server | ex |
| hitachi | hitsenser_data_mart_server | bs |
| hitachi | hitsenser_data_mart_server | bs_m |
| hitachi | hitsenser_data_mart_server | bs_s |
Unspecified vulnerability in the Port Discovery Standard and Advanced features in Hitachi JP1/NetInsight II allows attackers to stop the Port Discovery service via unknown vectors involving "invalid format data".
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | jpi_netsight_ii_port_discovery_standard | r_15237_9164_07_02 |
| hitachi | jpi_netsight_ii_port_discovery_standard | r_15237_9164_07_06 |
| hitachi | jpi_netsight_ii_port_discovery_standard | r_15237_9164_07_07 |
| hitachi | jpi_netsight_ii_port_discovery_standard | r_15237_9164_07_09 |
| hitachi | jpi_netsight_ii_port_discovery_standard | r_15237_9164_07_00 |
| hitachi | jpi_netsight_ii_port_discovery_advance | r_15237_9154_07_50 |
| hitachi | jpi_netsight_ii_port_discovery_standard | r_15237_9164_07_04 |
| hitachi | jpi_netsight_ii_port_discovery_standard | r_15237_9164_07_05 |
| hitachi | jpi_netsight_ii_port_discovery_standard | r_15237_9164_07_01 |
| hitachi | jpi_netsight_ii_port_discovery_standard | r_15237_9164_07_08 |
| hitachi | jpi_netsight_ii_port_discovery_standard | r_15237_9164_07_10 |
| hitachi | jpi_netsight_ii_port_discovery_standard | r_15237_9164_07_03 |
| hitachi | jpi_netsight_ii_port_discovery_standard | r_15237_9164_07_11 |
SQL injection vulnerability in Hitachi Business Logic - Container 02-03 through 03-00-/B on Windows, and 03-00 through 03-00-/B on Linux, allows remote attackers to execute arbitrary SQL commands via unspecified vectors in the extended receiving box function.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | business_logic | 02_03 |
| hitachi | business_logic | 03_00 |
| hitachi | business_logic | * |
Cross-site scripting (XSS) vulnerability in Hitachi Business Logic - Container 02-03 through 03-00-/B on Windows, and 03-00 through 03-00-/B on Linux, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the extended receiving box function.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | business_logic | 02_03 |
| hitachi | business_logic | 03_00 |
| hitachi | business_logic | * |
Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web, World Wide Web Desktop, World Wide Web for Scheduler, and Desktop for Scheduler, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | groupmax_world_wide_web_scheduler | 3 |
| hitachi | groupmax_world_wide_web_desktop | * |
| hitachi | groupmax_world_wide_web | 3 |
| hitachi | groupmax_world_wide_web_desktop | 5 |
| hitachi | groupmax_world_wide_web_desktop_scheduler | 5 |
| hitachi | groupmax_world_wide_web_scheduler | 2 |
| hitachi | groupmax_world_wide_web | 2 |
| hitachi | groupmax_world_wide_web_desktop | 6 |
Unspecified vulnerability in Hitachi XFIT/S, XFIT/S/JCA, XFIT/S/ZGN, and XFIT/S ZENGIN TCP/IP Procedure allows remote attackers to cause a denial of service (server process and transfer control process stop) when the products "receive data unexpectedly".
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | xfit_s_zgin | 0 |
| hitachi | xfit_s_zengin | 0 |
| hitachi | xfit_s | 0 |
| hitachi | xfit_s_jca | 0 |
Unspecified vulnerability in Hitachi JP1 products allow remote attackers to cause a denial of service (application stop or fail) via unexpected requests or data.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | jpi_automatic_job_management_system_2 | * |
| hitachi | jpi_pfm_snmp_system_observer | * |
| hitachi | jpi_server_conductor_server_manager | * |
| hitachi | jpi_server_conductor_blade_server_manager | * |
| hitachi | jp1-cm2-network_node_manager_250 | 05_20 |
| hitachi | jpi_server_system_observer_-_report_feature | * |
| hitachi | jpi_performance_management | * |
| hitachi | jp1-cm2-network_node_manager_250 | 06_00 |
| hitachi | jpi_security_integrated_manager | * |
| hitachi | jp1-cm2-network_node_manager | * |
The Gmax Mail client in Hitachi Groupmax before 20060426 allows remote attackers to cause a denial of service (application hang or erroneous behavior) via an attachment with an MS-DOS device filename.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | groupmax_mail | * |
| hitachi | groupmax_world_wide_web_desktop | * |
| hitachi | groupmax_integrated_desktop | * |
| hitachi | groupmax_world_wide_web | * |
SQL injection vulnerability in Hitachi EUR Professional Edition, EUR Viewer, EUR Print Service, and EUR Print Service for ILF allows remote authenticated users to execute arbitrary SQL commands via unknown attack vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | eur_professional | 05_06 |
| hitachi | eur_viewer | 05_00 |
| hitachi | eur_print_service_for_ilf | 05_06 |
| hitachi | eur_print_service | 05_01 |
| hitachi | eur_viewer | 05_06 |
| hitachi | eur_print_service | 05_06 |
| hitachi | eur_professional | 05_00 |
SQL injection vulnerability in Hitachi HITSENSER3 HITSENSER3/PRP, HITSENSER3/PUP, HITSENSER3/STP, and HITSENSER3/EUP allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | hitsenser3 | stp |
| hitachi | hitsenser3 | eup |
| hitachi | hitsenser3 | * |
| hitachi | hitsenser3 | pup |
| hitachi | hitsenser3 | prp |
Unspecified vulnerability in Hitachi Groupmax Address Server 7 and earlier, and Groupmax Mail Server 7 and earlier allows remote attackers to cause a denial of service (product "stop") via unspecified vectors involving "unexpected requests".
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | groupmax_address_server | 5 |
| hitachi | groupmax_mail_server | 6 |
| hitachi | groupmax_mail_server | 3 |
| hitachi | groupmax_mail_server | * |
| hitachi | groupmax_address_server | * |
| hitachi | groupmax_address_server | 2 |
| hitachi | groupmax_address_server | 3 |
| hitachi | groupmax_mail_server | 5 |
| hitachi | groupmax_address_server | 6 |
| hitachi | groupmax_mail_server | 2 |
Multiple cross-site scripting (XSS) vulnerabilities in Hitachi Groupmax Collaboration Portal and Web Client before 07-20-/D, and uCosminexus Collaboration Portal and Forum/File Sharing before 06-20-/C, allow remote attackers to "execute malicious scripts" via unknown vectors (aka HS06-014-01).
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | groupmax_collaboration_portal | 07_00 |
| hitachi | groupmax_collaboration_portal | 7.2 |
| hitachi | groupmax_collaboration_web_client | 7.2 |
| hitachi | groupmax_collaboration_web_client | * |
| hitachi | cosminexus_collaboration_portal | * |
| hitachi | cosminexus_collaboration_portal | 06_00 |
| hitachi | groupmax_collaboration_web_client | 07_00 |
| hitachi | groupmax_collaboration_portal | * |
| hitachi | cosminexus_collaboration_portal | 6.2 |
Buffer overflow in Hitachi Cosminexus V4 through V8, Processing Kit for XML, and Developer's Kit for Java, as used in products such as uCosminexus, Electronic Form Workflow, Groupmax, and IBM XL C/C++ Enterprise Edition 7 and 8, allows remote attackers to have an unknown impact via vectors related to the use of GIF image processing APIs by a Java application, and a different issue from CVE-2007-3794.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | processing_kit_for_xml | 02-00 |
| hitachi | electronic_form_workflow-professional_library_set | 07-20-/b |
| hitachi | electronic_form_workflow-developer_client_set | 07-20 |
| hitachi | cosminexus/opentp1_web_web_front-endset | 02-00 |
| hitachi | ucosminexus_application_server | 06-70f |
| hitachi | ucosminexus_service_platform | 07-00 |
| hitachi | groupmax_collaboration | 07-35 |
| hitachi | cosminexus_client | 06-50-/f |
| hitachi | ucosminexus_collaboration | 06-30-/f |
| hitachi | ucosminexus_application_server | 06-71 |
| hitachi | cosminexus_application_server | 06-50-/f |
| hitachi | cosminexus_application_server | 05-01 |
| hitachi | ucosminexus_application_server | 07-00 |
| hitachi | groupmax_collaboration | 07-35-/f |
| hitachi | ucosminexus_client | 06-71-/f |
| hitachi | ucosminexus_client | 08-00 |
| hitachi | cosminexus_application_server | 06-02 |
| hitachi | cosminexus_developer | 05-05 |
| hitachi | processing_kit_for_xml | 01-05-/a |
| hitachi | processing_kit_for_xml | 02-05 |
| hitachi | ucosminexus_developer | 06-70 |
| hitachi | cosminexus_client | 06-50 |
| hitachi | ucosminexus_application_server | 06-70-/g |
| hitachi | cosminexus_developer | 05-00 |
| hitachi | ucosminexus_service_architect | 8 |
| hitachi | electronic_form_workflow-developer_set | 07-50-/d |
| hitachi | ucosminexus_application_server | 06-70-/e |
| hitachi | electronic_form_workflow-standard_set | 07-11-/c |
| hitachi | ucosminexus_collaboration | 06-20-/d |
| hitachi | ucosminexus_developer | 06-70-/f |
| hitachi | processing_kit_for_xml | 02-00-/c |
| hitachi | electronic_form_workflow-standard_set | 07-10 |
| hitachi | electronic_form_workflow-developer_set | 07-60-/i |
| hitachi | cosminexus_developer | 05-00-/i |
| hitachi | processing_kit_for_xml | 01-05-/c |
| hitachi | cosminexus_application_server | 5 |
| hitachi | groupmax_collaboration | 07-30 |
| hitachi | cosminexus_application_server | 05-05 |
| hitachi | ucosminexus_client | 06-71 |
| hitachi | cosminexus_application_server | 06-02-/g |
| hitachi | ucosminexus_application_server | 06-72 |
| hitachi | cosminexus_client | 06-51-/k |
| hitachi | cosminexus_application_server | 06-51-/k |
| hitachi | ucosminexus_service_architect | 07-00 |
| hitachi | cosminexus_studio | 05-05 |
| hitachi | cosminexus_developer | 6 |
| hitachi | ucosminexus_service_platform | 08-00 |
| hitachi | ucosminexus_developer | 06-71 |
| hitachi | developer's_kit_for_java | * |
| hitachi | electronic_form_workflow-developer_client_set | 07-10 |
| hitachi | ucosminexus/opentp1_web_web_front-endset | 02-70 |
| hitachi | ucosminexus_client | 07-60 |
| hitachi | cosminexus/opentp1_web_web_front-endset | 01-01 |
| hitachi | cosminexus_application_server | 06-51 |
| hitachi | ucosminexus_application_server | 06-70-/f |
| hitachi | cosminexus_developer | 06-51-/k |
| hitachi | electronic_form_workflow-standard_set | 06-70-/c |
| hitachi | ucosminexus_application_server | 7 |
| hitachi | ucosminexus_application_server | 06-70-/a |
| hitachi | electronic_form_workflow-developer_client_set | 07-00 |
| hitachi | electronic_form_workflow-developer_client_set | 07-11-/c |
| hitachi | cosminexus_application_server | 05-02-/e |
| hitachi | electronic_form_workflow-standard_set | 07-00 |
| hitachi | cosminexus_client | 06-51 |
| hitachi | cosminexus_studio | 04-01 |
| hitachi | ucosminexus_service_platform | 07-60 |
| hitachi | cosminexus_studio | 05-05-/p |
| hitachi | cosminexus_studio | 05-00-/i |
| hitachi | cosminexus_application_server | 05-05-/o |
| hitachi | cosminexus_application_server | 05-05-/i |
| hitachi | groupmax_collaboration | 07-20-/d |
| hitachi | ibm_xl_c/c++_v8_for_aix_&_hitachi_developer's_kit_for_java | 01-00 |
| hitachi | groupmax_collaboration | 07-30-/f |
| hitachi | electronic_form_workflow-standard_set | 07-20 |
| hitachi | cosminexus_application_server | 06-02-/d |
| hitachi | cosminexus_studio | 05-01-/l |
| hitachi | ucosminexus_developer | 08-00 |
| hitachi | ucosminexus_developer | 07-60 |
| hitachi | cosminexus_application_server | 06-50-/c |
| hitachi | ucosminexus_client | 8 |
| hitachi | processing_kit_for_xml | 01-07-/a |
| hitachi | processing_kit_for_xml | 02-05-/c |
| hitachi | cosminexus_application_server | 05-02 |
| hitachi | ucosminexus_service_platform | 7 |
| hitachi | ucosminexus_application_server | 06-71-/g |
| hitachi | cosminexus/opentp1_web_web_front-endset | 01-00-/b |
| hitachi | cosminexus_application_server | 06-02-/f |
| hitachi | cosminexus_application_server | 06-50-/b |
| hitachi | electronic_form_workflow-professional_library_set | 07-20 |
| hitachi | ucosminexus_service_architect | 07-60 |
| hitachi | ucosminexus_application_server | 06-70-/l |
| hitachi | processing_kit_for_xml | 01-05 |
| hitachi | cosminexus_application_server | 06-51-/b |
| hitachi | cosminexus_application_server | 06-00 |
| hitachi | ucosminexus_client | 07-00 |
| hitachi | ucosminexus_operator | 6.7 |
| hitachi | electronic_form_workflow-developer_client_set | 06-70-/f |
| hitachi | electronic_form_workflow-standard_set | 07-00-/b |
| hitachi | electronic_form_workflow-professional_set | 07-50 |
| hitachi | electronic_form_workflow-professional_library_set | 07-00-/c |
| hitachi | cosminexus_application_server | 05-01-/l |
| hitachi | processing_kit_for_xml | 01-07 |
| hitachi | cosminexus_developer | 05-05-/p |
| hitachi | electronic_form_workflow-professional_set | 07-50-/d |
| hitachi | ucosminexus_application_server | 06-70-/n |
| hitachi | cosminexus_application_server | 06-00-/a |
| hitachi | cosminexus_application_server | 06-50 |
| hitachi | cosminexus_developer | 05-01-/l |
| hitachi | cosminexus_studio | 04-01-/a |
| hitachi | processing_kit_for_xml | 01-05-/d |
| hitachi | electronic_form_workflow-developer_client_set | 06-70 |
| hitachi | ucosminexus_application_server | 08-00 |
| hitachi | cosminexus_application_server | 06-00-/e |
| hitachi | ucosminexus_service_platform | 07-10 |
| hitachi | electronic_form_workflow-developer_client_set | 07-10-/a |
| hitachi | electronic_form_workflow-professional_library_set | 07-11-/c |
| hitachi | cosminexus_application_server | 05-00 |
| hitachi | processing_kit_for_xml | 02-05-/a |
| hitachi | cosminexus_developer | 06-00 |
| hitachi | cosminexus_developer | 06-51 |
| hitachi | ucosminexus_application_server | 06-72-/d |
| hitachi | ucosminexus_developer | 8 |
| hitachi | ucosminexus_application_server | 8 |
| hitachi | electronic_form_workflow_set | 07-50-/d |
| hitachi | processing_kit_for_xml | 01-05-/b |
| hitachi | electronic_form_workflow-professional_library_set | 06-70 |
| hitachi | ucosminexus_collaboration | 06-35-/f |
| hitachi | ucosminexus_operator | 07-00 |
| hitachi | ucosminexus_operator | 8 |
| hitachi | cosminexus_application_server | 6 |
| hitachi | cosminexus_application_server | 06-00-/i |
| hitachi | cosminexus_studio | 05-01 |
| hitachi | cosminexus_client | 06-00 |
| hitachi | ucosminexus_developer | 7 |
| hitachi | ucosminexus_developer | 06-71-/f |
| hitachi | cosminexus_studio | 04-00-/a |
| hitachi | cosminexus_server | 04-00 |
| hitachi | cosminexus/opentp1_web_web_front-endset | 01-01-/c |
| hitachi | cosminexus_client | 06-02-/g |
| hitachi | cosminexus/opentp1_web_web_front-endset | 02-50 |
| hitachi | cosminexus_application_server | 06-00-/b |
| hitachi | ucosminexus_collaboration | 06-30 |
| hitachi | ucosminexus_collaboration | 06-20 |
| hitachi | electronic_form_workflow-professional_library_set | 06-70-/c |
| hitachi | electronic_form_workflow-developer_client_set | 07-20-/b |
| hitachi | cosminexus_client | 06-00-/i |
| hitachi | cosminexus/opentp1_web_web_front-endset | 01-00 |
| hitachi | cosminexus_server | 04-01 |
| hitachi | ibm_xl_c/c++_v7_for_aix_&_hitachi_developer's_kit_for_java | 01-00 |
| hitachi | ucosminexus_service_architect | 6.7 |
| hitachi | groupmax_collaboration | 07-20 |
| hitachi | electronic_form_workflow_set | 07-50 |
| hitachi | ucosminexus_developer | 07-00 |
| hitachi | cosminexus_developer | 06-02-/g |
| hitachi | electronic_form_workflow-professional_library_set | 07-00 |
| hitachi | cosminexus_application_server | 06-50-/e |
| hitachi | ucosminexus_service_architect | 7 |
| hitachi | electronic_form_workflow-developer_client_set | 07-11 |
| hitachi | ucosminexus_service_platform | 8 |
| hitachi | cosminexus_developer | 06-50-/f |
| hitachi | ucosminexus/opentp1_web_web_front-endset | 02-70-/a |
| hitachi | cosminexus_application_server | 06-51-/e |
| hitachi | ucosminexus_application_server | 6.7 |
| hitachi | electronic_form_workflow-professional_library_set | 07-00-/b |
| hitachi | electronic_form_workflow-standard_set | 07-10-/a |
| hitachi | electronic_form_workflow-developer_set | 07-50 |
| hitachi | electronic_form_workflow-professional_library_set | 07-10-/a |
| hitachi | cosminexus_developer | 05-01 |
| hitachi | electronic_form_workflow-developer_set | 07-60 |
| hitachi | ucosminexus_service_platform | 6.7 |
| hitachi | electronic_form_workflow-professional_library_set | 07-10 |
| hitachi | processing_kit_for_xml | 01-00 |
| hitachi | ucosminexus_application_server | 06-70 |
| hitachi | ucosminexus_collaboration | 06-35 |
| hitachi | processing_kit_for_xml | 02-00-/b |
| hitachi | cosminexus_application_server | 05-00-/s |
| hitachi | cosminexus_server | 04-00-/a |
| hitachi | cosminexus_developer | 5 |
| hitachi | cosminexus_server | 04-01-/a |
| hitachi | ucosminexus_service_architect | 08-00 |
| hitachi | electronic_form_workflow-professional_library_set | 06-70-/f |
| hitachi | ucosminexus_operator | 7 |
| hitachi | electronic_form_workflow_set | 07-60-/i |
| hitachi | electronic_form_workflow-standard_set | 07-00-/c |
| hitachi | cosminexus_developer | 06-00-/i |
| hitachi | ucosminexus_application_server | 07-60 |
| hitachi | cosminexus/opentp1_web_web_front-endset | 02-00-/a |
| hitachi | cosminexus_application_server | 05-05-/p |
| hitachi | ucosminexus_application_server | 07-10 |
| hitachi | electronic_form_workflow-standard_set | 06-70 |
| hitachi | ucosminexus_application_server | 06-71-/f |
| hitachi | ucosminexus_developer | 6 |
| hitachi | electronic_form_workflow-standard_set | 07-20-/b |
| hitachi | ucosminexus_developer | 6.7 |
| hitachi | cosminexus_application_server | 06-50-/i |
| hitachi | electronic_form_workflow_set | 07-60 |
| hitachi | electronic_form_workflow-developer_client_set | 07-00-/c |
| hitachi | cosminexus_studio | 05-00 |
| hitachi | cosminexus_developer | 06-50 |
| hitachi | cosminexus/opentp1_web_web_front-endset | 02-50-/a |
| hitachi | cosminexus_application_server | 05-00-/i |
| hitachi | cosminexus_client | 06-02 |
| hitachi | electronic_form_workflow-standard_set | 06-70-/f |
| hitachi | electronic_form_workflow-professional_library_set | 07-11 |
| hitachi | electronic_form_workflow-standard_set | 07-11 |
| hitachi | ucosminexus_client | 06-70 |
| hitachi | ucosminexus_operator | 07-60 |
| hitachi | cosminexus_developer | 06-02 |
| hitachi | cosminexus_studio | 04-00 |
| hitachi | ucosminexus_client | 06-70-/f |
| hitachi | processing_kit_for_xml | 02-00-/d |
Unspecified vulnerability in multiple versions of Hitachi JP1/Automatic Job Management System 2 - View, JP1/Integrated Management - View, and JP1/Cm2/SNMP System Observer, allows remote attackers to cause a denial of service ("abnormal" termination) via vectors related to the display of an "invalid GIF file."
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | jp1/automatic_job_management_system_2-view | 07-50-17 |
| hitachi | jp1/automatic_job_management_system_2-view | 08-10-11 |
| hitachi | jp1/automatic_job_management_system_2-view | 06-51-/p |
| hitachi | job_management_partner_1/automatic_job_management_system_2-view | 07-50-17 |
| hitachi | jp1/server_system_observer | 06-71-/h |
| hitachi | jp1/automatic_job_management_system_2-view | 08-50 |
| hitachi | job_management_partner_1/performance_management/snmp_system_observer | 07-00 |
| hitachi | job_management_partner_1/snmp_system_observer | 06-71 |
| hitachi | jp1/automatic_job_management_system_2-view | 07-10 |
| hitachi | jp1/performance_management/snmp_system_observer | 07-50-09 |
| hitachi | jp1_integrated_management_service_support | 08-50-02 |
| hitachi | jp1/performance_management/snmp_system_observer | 07-10 |
| hitachi | jp1_integrated_management_service_support | 08-11 |
| hitachi | jp1/performance_management/snmp_system_observer | 07-50 |
| hitachi | jp1/automatic_job_management_system_2-view | 07-50 |
| hitachi | jp1/automatic_job_management_system_2-view | 08-50-08 |
| hitachi | jp1/automatic_job_management_system_2-view | 07-10-11 |
| hitachi | jp1/cm2/snmp_system_observer | 08-00-09 |
| hitachi | job_management_partner_1/integrated_manager-view | 07-00 |
| hitachi | job_management_partner_1/automatic_job_management_system_2-view | 08-00 |
| hitachi | jp1/automatic_job_management_system_2-view | 07-10-/h |
| hitachi | job_management_partner_1/automatic_job_management_system_2-view | 06-51-/n |
| hitachi | jp1_integrated_management_service_support | 08-10-02 |
| hitachi | jp1/server_system_observer | 06-71 |
| hitachi | jp1_integrated_management_service_support | 08-10-05 |
| hitachi | jp1_integrated_management_service_support | 08-10-03 |
| hitachi | jp1/automatic_job_management_system_2-view | 06-00-/k |
| hitachi | jp1/server_system_observer | 06-51-/f |
| hitachi | job_management_partner_1/snmp_system_observer | 06-51 |
| hitachi | job_management_partner_1/automatic_job_management_system_2-view | 07-00 |
| hitachi | jp1/automatic_job_management_system_2-view | 06-71-/q |
| hitachi | job_management_partner_1/integrated_management-view | 08-01 |
| hitachi | jp1_integrated_management_service_support | 08-50-01 |
| hitachi | job_management_partner_1/automatic_job_management_system_2-view | 06-51 |
| hitachi | jp1/integrated_management-view | 08-50-06 |
| hitachi | jp1/performance_management/snmp_system_observer | 07-10-/b |
| hitachi | job_management_partner_1/snmp_system_observer | 06-51-/a |
| hitachi | jp1_integrated_management_service_support | 08-11-01 |
| hitachi | job_management_partner_1/automatic_job_management_system_2-view | 07-00-/g |
| hitachi | jp1/automatic_job_management_system_2-view | 07-11-15 |
| hitachi | job_management_partner_1/integrated_manager-console_view | 06-00 |
| hitachi | job_management_partner_1/automatic_job_management_system_2-view | 06-00 |
| hitachi | job_management_partner_1/automatic_job_management_system_2-view | 06-71 |
| hitachi | jp1_integrated_management_service_support | 08-10 |
| hitachi | jp1/automatic_job_management_system_2-view | 08-01 |
| hitachi | jp1/performance_management/snmp_system_observer | 07-00 |
| hitachi | jp1/automatic_job_management_system_2-view | 06-71 |
| hitachi | job_management_partner_1/automatic_job_management_system_2-view | 08-00-13 |
| hitachi | job_management_partner_1/integrated_manager-console_view | 06-71 |
| hitachi | job_management_partner_1/automatic_job_management_system_2-view | 07-50 |
| hitachi | jp1_integrated_management_service_support | 08-50 |
| hitachi | jp1/integrated_manager-console_view | 06-00 |
| hitachi | jp1/cm2/snmp_system_observer | 08-00 |
| hitachi | jp1/integrated_manager-view | 07-51 |
| hitachi | jp1/integrated_manager-console_view | 06-71 |
| hitachi | jp1/integrated_management-view | 08-00 |
| hitachi | jp1/integrated_manager-view | 07-00 |
| hitachi | jp1/automatic_job_management_system_2-view | 07-00 |
| hitachi | job_management_partner_1/automatic_job_management_system_2-view | 06-51-n1 |
| hitachi | jp1/automatic_job_management_system_2-view | 06-51 |
| hitachi | jp1/automatic_job_management_system_2-view | 06-00 |
| hitachi | jp1/automatic_job_management_system_2-view | 08-01-05 |
| hitachi | jp1_integrated_management_service_support | 08-10-04 |
| hitachi | jp1/automatic_job_management_system_2-view | 07-00-g1 |
| hitachi | jp1_integrated_management_service_support | 08-10-01 |
| hitachi | jp1/automatic_job_management_system_2-view | 08-00-13 |
| hitachi | jp1/automatic_job_management_system_2-view | 07-11 |
| hitachi | jp1/automatic_job_management_system_2-view | 06-51-/p1 |
| hitachi | jp1/automatic_job_management_system_2-view | 08-00 |
| hitachi | jp1_integrated_management_service_support | 08-11-03 |
| hitachi | jp1_integrated_management_service_support | 08-50-03 |
| hitachi | jp1/performance_management/snmp_system_observer | 07-00-/e |
| hitachi | job_management_partner_1/automatic_job_management_system_2-view | 06-71-/m |
| hitachi | jp1/automatic_job_management_system_2-view | 08-10 |
| hitachi | jp1/server_system_observer | 06-71-03 |
| hitachi | jp1/server_system_observer | 06-51 |
| hitachi | job_management_partner_1/automatic_job_management_system_2-view | 06-71-m1 |
| hitachi | job_management_partner_1/automatic_job_management_system_2-view | 06-00-/a |
| hitachi | jp1_integrated_management_service_support | 08-11-02 |
| hitachi | jp1/automatic_job_management_system_2-view | 07-10-10 |
| hitachi | job_management_partner_1/automatic_job_management_system_2-view | 08-00-04 |
Unspecified vulnerability in the Client Service for DPM in Hitachi ServerConductor / Deployment Manager 01-00, 01-01, and 06-00 through 06-00-/A; ServerConductor / Deployment Manager Standard Edition and Enterprise Edition 07-50 through 07-55, and 07-57 through 07-59; and JP1/ServerConductor/Deployment Manager Standard and Enterprise Edition 07-50 through 07-56-/F, 08-00 through 08-09-/E, 08-50 through 08-80-/A, 08-06 through 08-07, and 08-51 through 08-70; allows attackers to cause a denial of service (shutdown and reboot) via unknown vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | jp1/_serverconductor_/_deployment_manager | 08-07 |
| hitachi | serverconductor_/_deployment_manager | 07-57 |
| hitachi | jp1/_serverconductor_/_deployment_manager | 08-00 |
| hitachi | jp1/_serverconductor_/_deployment_manager | 07-52 |
| hitachi | serverconductor_/_deployment_manager | 01-01 |
| hitachi | jp1/_serverconductor_/_deployment_manager | 08-70 |
| hitachi | jp1/_serverconductor_/_deployment_manager | 08-52 |
| hitachi | serverconductor_/_deployment_manager | 06-00-/a |
| hitachi | jp1/_serverconductor_/_deployment_manager | 08-50 |
| hitachi | jp1/_serverconductor_/_deployment_manager | 08-80-/a |
| hitachi | jp1/_serverconductor_/_deployment_manager | 07-50 |
| hitachi | jp1/_serverconductor_/_deployment_manager | 07-56-/f |
| hitachi | jp1/_serverconductor_/_deployment_manager | 08-06 |
| hitachi | serverconductor_/_deployment_manager | 01-00 |
| hitachi | serverconductor_/_deployment_manager | 07-55 |
| hitachi | serverconductor_/_deployment_manager | 07-59 |
| hitachi | serverconductor_/_deployment_manager | 06-00 |
| hitachi | jp1/_serverconductor_/_deployment_manager | 08-09-/e |
| hitachi | serverconductor_/_deployment_manager | 07-50 |
| hitachi | jp1/_serverconductor_/_deployment_manager | 08-51 |
Unspecified vulnerability in Hitachi EUR Form Client before 05-10 -/D 2010.11.15 and 05-10-CA (* 2) 2010.11.15; Hitachi EUR Form Service before 05-10 -/D 2010.11.15; and uCosminexus EUR Form Service before 07-60 -/D 2010.11.15 on Windows, before 05-10 -/D 2010.11.15 and 07-50 -/D 2010.11.15 on Linux, and before 07-50 -/C 2010.11.15 on AIX; allows remote attackers to execute arbitrary code via unknown attack vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | ucosminexus_eur_form_service | 07-60-/c |
| hitachi | eur_form_client | 05-10-c |
| hitachi | eur_form_service | 05-10-/b |
| hitachi | eur_form_client | 01-00 |
| hitachi | eur_form_client | 05-00 |
| hitachi | ucosminexus_eur_form_service | 07-50-/c |
| hitachi | ucosminexus_eur_form_service | 07-50 |
| hitachi | eur_form_service | 01-00 |
| hitachi | ucosminexus_eur_form_service | 05-05 |
| hitachi | eur_form_service | 05-00 |
| hitachi | eur_form_client | 05-10-a |
| hitachi | eur_form_client | 05-10-aa |
| hitachi | eur_form_client | 05-10-b |
| hitachi | eur_form_client | 01-05-/c(*1) |
| hitachi | eur_form_client | 05-10-/b |
| hitachi | eur_form_service | 01-05(*1) |
| hitachi | ucosminexus_eur_form_service | 05-10-/b |
Cross-site scripting (XSS) vulnerability in Hitachi IT Operations Analyzer 02-01, 02-51 through 02-51-01, and 02-53 through 02-53-02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | it_operations_analyzer | 02-51 |
| hitachi | it_operations_analyzer | 02-53-02 |
| hitachi | it_operations_analyzer | 02-53 |
| hitachi | it_operations_analyzer | 02-01 |
| hitachi | it_operations_analyzer | 02-51-01 |
| hitachi | it_operations_analyzer | 02-53-01 |
Unspecified vulnerability in Hitachi COBOL2002 Net Developer, Net Server Suite, and Net Client Suite 01-00, 01-01 through 01-01-/D, 01-02 through 01-02-/F, 01-03 through 01-03-/F, 02-00 through 02-00-/D, 02-01 through 02-01-/C, and possibly other versions before 02-01-/D allows remote attackers to execute arbitrary code via unknown attack vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | cobol2002_net_developer | 01-03 |
| hitachi | cobol2002_net_server_suite | 02-00-/d |
| hitachi | cobol2002_net_client_suite | 01-02 |
| hitachi | cobol2002_net_server_suite | 01-02 |
| hitachi | cobol2002_net_server_suite | 01-00 |
| hitachi | cobol2002_net_server_suite | 01-02-/f |
| hitachi | cobol2002_net_developer | 01-01 |
| hitachi | cobol2002_net_developer | 01-02 |
| hitachi | cobol2002_net_developer | 01-02-/f |
| hitachi | cobol2002_net_client_suite | 01-00 |
| hitachi | cobol2002_net_developer | 01-01-/d |
| hitachi | cobol2002_net_server_suite | 01-03 |
| hitachi | cobol2002_net_server_suite | 01-01-/d |
| hitachi | cobol2002_net_developer | 01-00 |
| hitachi | cobol2002_net_client_suite | 01-01 |
| hitachi | cobol2002_net_client_suite | 01-03 |
| hitachi | cobol2002_net_client_suite | 01-03-/f |
| hitachi | cobol2002_net_developer | 02-00 |
| hitachi | cobol2002_net_client_suite | 02-01 |
| hitachi | cobol2002_net_developer | 02-01-/c |
| hitachi | cobol2002_net_server_suite | 01-03-/f |
| hitachi | cobol2002_net_developer | 02-00-/d |
| hitachi | cobol2002_net_server_suite | 02-01 |
| hitachi | cobol2002_net_client_suite | 02-00 |
| hitachi | cobol2002_net_client_suite | 02-00-/d |
| hitachi | cobol2002_net_developer | 01-03-/f |
| hitachi | cobol2002_net_developer | 02-01 |
| hitachi | cobol2002_net_client_suite | 01-01-/d |
| hitachi | cobol2002_net_server_suite | 01-01 |
| hitachi | cobol2002_net_server_suite | 02-00 |
| hitachi | cobol2002_net_client_suite | 01-02-/f |
Cross-site scripting (XSS) vulnerability in Hitachi IT Operations Director 02-50-01 through 02-50-07, 03-00 through 03-00-04, and possibly other versions before 03-00-06, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | it_operations_director | 03-00 |
| hitachi | it_operations_director | 02-50-07 |
| hitachi | it_operations_director | 02-50-06 |
| hitachi | it_operations_director | 03-00-04 |
| hitachi | it_operations_director | 02-50-01 |
Multiple unspecified vulnerabilities in Hitachi JP1/IT Desktop Management - Manager 09-50 through 09-50-03, 09-51 through 09-51-05, 10-00 through 10-00-02, and 10-01 through 10-01-02; Hitachi Job Management Partner 1/IT Desktop Management - Manager 09-50 through 09-50-03 and 10-01; and Hitachi IT Operations Director 02-50 through 02-50-07, 03-00 through 03-00-12, and 04-00 through 04-00-01 allow remote authenticated users to gain privileges via unknown vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | it_operations_director | 03-00 |
| hitachi | it_operations_director | 02-50-07 |
| hitachi | it_operations_director | 03-00-12 |
| hitachi | it_operations_director | 02-50 |
| hitachi | it_operations_director | 03-00-04 |
| hitachi | jp1/it_desktop_management-manager | 10-01-02 |
| hitachi | it_operations_director | 04-00 |
| hitachi | job_management_partner_1/it_desktop_management-manager | 10-01 |
| hitachi | it_operations_director | 02-50-01 |
| hitachi | it_operations_director | 03-00-08 |
| hitachi | it_operations_director | 03-00-07 |
| hitachi | jp1/it_desktop_management-manager | 10-00 |
| hitachi | jp1/it_desktop_management-manager | 10-01 |
| hitachi | job_management_partner_1/it_desktop_management-manager | 09-50 |
| hitachi | it_operations_director | 02-50-06 |
| hitachi | it_operations_director | 04-00-01 |
| hitachi | jp1/it_desktop_management-manager | 09-51 |
| hitachi | job_management_partner_1/it_desktop_management-manager | 09-50-03 |
| hitachi | jp1/it_desktop_management-manager | 09-51-05 |
| hitachi | jp1/it_desktop_management-manager | 10-00-02 |
Cross-site request forgery (CSRF) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | jp1/performance_management-manager_web_option | 07-54 |
| hitachi | tuning_manager | 7.6.1 |
| hitachi | tuning_manager | 8.0.0 |
| hitachi | tuning_manager | 6.0.0 |
| hitachi | jp1/performance_management-manager_web_option | 07-00 |
| hitachi | tuning_manager | 7.1.0 |
Cross-site scripting (XSS) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | jp1/performance_management-manager_web_option | 07-54 |
| hitachi | tuning_manager | 7.6.1 |
| hitachi | tuning_manager | 8.0.0 |
| hitachi | tuning_manager | 6.0.0 |
| hitachi | jp1/performance_management-manager_web_option | 07-00 |
| hitachi | tuning_manager | 7.1.0 |
Cross-site scripting (XSS) vulnerability in the online help in Hitachi Device Manager, Tiered Storage Manager, Replication Manager, and Global Link Manager before 8.1.2-00, and Compute Systems Manager before 7.6.1-08 and 8.x before 8.1.2-00, as used in Hitachi Command Suite, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | device_manager | * |
| hitachi | global_link_manager | * |
| hitachi | replication_manager | * |
| hitachi | tiered_storage_manager | * |
| hitachi | compute_systems_manager | 8.1.1 |
| hitachi | compute_systems_manager | 8.0.0 |
| hitachi | compute_systems_manager | * |
| hitachi | compute_systems_manager | 8.1.0 |
RMI vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to execute internal commands without authentication via RMI ports.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | device_manager | * |
XXE vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to read arbitrary files.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-611,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | device_manager | * |
Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Tuning Manager before 8.5.2-00 allows remote attackers to redirect authenticated users to arbitrary web sites.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-601,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | device_manager | * |
Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to redirect users to arbitrary web sites.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-601,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | device_manager | * |
Cross-site scripting vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to execute arbitrary JavaScript code.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | device_manager | * |
An Information Exposure issue was discovered in Hitachi Command Suite 8.5.3. A remote attacker may be able to exploit a flaw in the permission of messaging that may allow for information exposure via a crafted message.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | device_manager | * |
| hitachi | command_suite | 8.5.3 |
| hitachi | replication_manager | * |
| hitachi | tiered_storage_manager | * |
| hitachi | tuning_manager | * |
| hitachi | compute_systems_manager | * |
A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.6.5-00 allows an unauthenticated remote user to read internal information.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | device_manager | * |
| hitachi | replication_manager | * |
| hitachi | tiered_storage_manager | * |
| hitachi | tuning_manager | * |
| hitachi | compute_systems_manager | * |
A vulnerability in Hitachi Command Suite prior to 8.7.1-00 and Hitachi Automation Director prior to 8.5.0-00 allow authenticated remote users to expose technical information through error messages. Hitachi Command Suite includes Hitachi Device Manager and Hitachi Compute Systems Manager.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-209,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | device_manager | * |
| hitachi | automation_director | * |
| hitachi | compute_systems_manager | * |
A vulnerability in Hitachi Command Suite prior to 8.6.2-00, Hitachi Automation Director prior to 8.6.2-00 and Hitachi Infrastructure Analytics Advisor prior to 4.2.0-00 allow authenticated remote users to load an arbitrary Cascading Style Sheets (CSS) token sequence. Hitachi Command Suite includes Hitachi Device Manager, Hitachi Tiered Storage Manager, Hitachi Replication Manager, Hitachi Tuning Manager, Hitachi Global Link Manager and Hitachi Compute Systems Manager.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | device_manager | * |
| hitachi | global_link_manager | * |
| hitachi | replication_manager | * |
| hitachi | tiered_storage_manager | * |
| hitachi | automation_director | * |
| hitachi | infrastructure_analytics_advisor | * |
| hitachi | tuning_manager | * |
| hitachi | compute_systems_manager | * |
A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.7.0-00 allows an unauthenticated remote user to trigger a denial of service (DoS) condition because of Uncontrolled Resource Consumption.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-400,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | device_manager | * |
| hitachi | replication_manager | * |
| hitachi | tiered_storage_manager | * |
| hitachi | infrastructure_analytics_advisor | * |
| hitachi | tuning_manager | * |
The dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'pho:title' attribute of 'dashboardXml' parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, and >= 8.3.0.0 GA.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | vantara_pentaho | * |
The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains an XML Entity Expansion injection vulnerability, which allows an authenticated remote users to trigger a denial of service (DoS) condition. Specifically, the vulnerability lies in the 'dashboardXml' parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, >= 8.3.0.0 GA
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-776,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | vantara_pentaho | * |
The Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a stored Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Display Name' parameter. Remediated in >= 9.1.0.1
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | vantara_pentaho | * |
The New Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a DOM-based Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Analysis Report Description' field in 'About this Report' section. Remediated in >= 8.3.0.9, >= 9.0.0.1, and >= 9.1.0.0 GA.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | vantara_pentaho | * |
The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'type' attribute of 'dashboardXml' parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, and >= 8.3.0.0 GA.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | vantara_pentaho | * |
Incorrect Default Permissions vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00; Hitachi Ops Center Viewpoint: from 10.8.0-00 before 10.9.0-00.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N | 1.8 | 2.5 |
| hirt@hitachi.co.jp | 6.6 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H | 1.8 | 4.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | ops_center_viewpoint | * |
| hitachi | ops_center_analyzer | * |
| hitachi | infrastructure_analytics_advisor | * |
Incorrect Default Permissions vulnerability in Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS, Hitachi Tuning Manager - Agent for SAN Switch components) allows local users to read and write specific files.This issue affects Hitachi Tuning Manager: before 8.8.5-00.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | tuning_manager | * |
Incorrect Default Permissions vulnerability in Hitachi Automation Director on Linux, Hitachi Infrastructure Analytics Advisor on Linux (Hitachi Infrastructure Analytics Advisor, Analytics probe server components), Hitachi Ops Center Automator on Linux, Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer, Analyzer probe server components), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files. This issue affects Hitachi Automation Director: from 8.2.0-00 through 10.6.1-00; Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.0.0-00; Hitachi Ops Center Automator: before 10.9.1-00; Hitachi Ops Center Analyzer: before 10.9.1-00; Hitachi Ops Center Viewpoint: before 10.9.1-00.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| hirt@hitachi.co.jp | 6.6 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H | 1.8 | 4.7 |
| nvd@nist.gov | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 1.8 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | ops_center_viewpoint | * |
| hitachi | ops_center_analyzer | * |
| hitachi | automation_director | * |
| hitachi | ops_center_automator | * |
| hitachi | infrastructure_analytics_advisor | * |
Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux (Device Manager Server component), Hitachi Tiered Storage Manager on Linux, Hitachi Replication Manager on Linux, Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS components), Hitachi Compute Systems Manager on Linux allows File Manipulation.This issue affects Hitachi Device Manager: before 8.8.5-02; Hitachi Tiered Storage Manager: before 8.8.5-02; Hitachi Replication Manager: before 8.8.5-02; Hitachi Tuning Manager: before 8.8.5-02; Hitachi Compute Systems Manager: before 8.8.3-08.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| hirt@hitachi.co.jp | 6.6 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H | 1.8 | 4.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | device_manager | * |
| hitachi | replication_manager | * |
| hitachi | tiered_storage_manager | * |
| hitachi | tuning_manager | * |
| hitachi | compute_systems_manager | * |
Hitachi Virtual File Platform Versions prior to 5.5.3-09 and Versions prior to 6.4.3-09, and NEC Storage M Series NAS Gateway Nh4a/Nh8a versions prior to FOS 5.5.3-08(NEC2.5.4a) and Nh4b/Nh8b, Nh4c/Nh8c versions prior to FOS 6.4.3-08(NEC3.4.2) allow remote authenticated attackers to execute arbitrary OS commands with root privileges via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nec | nas_gateway_nh8b_firmware | * |
| nec | nas_gateway_nh4c_firmware | * |
| hitachi | virtual_file_platform | * |
| nec | nas_gateway_nh8a_firmware | * |
| nec | nas_gateway_nh8c_firmware | * |
| nec | nas_gateway_nh4b_firmware | * |
| nec | nas_gateway_nh4a_firmware | * |
Cross-site scripting vulnerability in Hitachi Application Server Help (Hitachi Application Server V10 Manual (Windows) version 10-11-01 and earlier and Hitachi Application Server V10 Manual (UNIX) version 10-11-01 and earlier) allows a remote attacker to inject an arbitrary script via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | application_server_v10_manual | * |
Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 contains a remote code execution vulnerability because of an Integer Overflow. An attacker with network access to port 31016 may exploit this issue to execute code with unrestricted privileges on the underlying OS.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cve@mitre.org | 8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.2 | 5.9 |
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | jp1/netdm/dm_client | * |
| hitachi | jp1/it_desktop_management_2-operations_director | * |
| hitachi | jp1/it_desktop_management_2-manager | * |
| hitachi | jp1/netdm/dm_manager | * |
| hitachi | jp1/it_desktop_management-manager | * |
| hitachi | jp1/netdm/dm_client-remote_control_feature | * |
| hitachi | job_management_partner_1/it_desktop_management-manager | * |
| hitachi | jp1/remote_control_agent | * |
| hitachi | jp1/netm/remote_control_agent | * |
| hitachi | job_management_partner_1/remote_control_agent | * |
| hitachi | job_management_partner_1/software_distribution_manager | * |
| hitachi | it_operations_director | * |
| hitachi | job_management_partner_1/software_distribution_client | * |
| hitachi | job_management_partner_1/it_desktop_management_2-manager | * |
Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 calls the SendMessageTimeoutW API with arbitrary arguments via a local pipe, leading to a local privilege escalation vulnerability. An attacker who exploits this issue could execute arbitrary code on the local system.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| cve@mitre.org | 7.0 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.0 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | jp1/netm/remote_control_feature | * |
| hitachi | jp1/it_desktop_management_2-operations_director | * |
| hitachi | jp1/netm/dm_manager | * |
| hitachi | jp1/netm/dm_client-remote_control_feature | * |
| hitachi | jp1/it_desktop_management_2-manager | * |
| hitachi | jp1/netm/dm_client | * |
| hitachi | jp1/it_desktop_management-manager | * |
| hitachi | job_management_partner_1/it_desktop_management-manager | * |
| hitachi | jp1/remote_control_feature | * |
| hitachi | job_management_partner_1/remote_control_agent | * |
| hitachi | job_management_partner_1/software_distribution_manager | * |
| hitachi | it_operations_director | * |
| hitachi | job_management_partner_1/software_distribution_client | * |
| hitachi | job_management_partner_1/it_desktop_management_2-manager | * |
An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. A reports (.prpt) file allows the inclusion of BeanShell scripts to ease the production of complex reports. An authenticated user can run arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
| cve@mitre.org | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-434,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | vantara_pentaho_business_intelligence_server | * |
| hitachi | vantara_pentaho | * |
An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user (regardless of privileges) can list all valid usernames.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
| cve@mitre.org | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-552,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | vantara_pentaho_business_intelligence_server | * |
| hitachi | vantara_pentaho | * |
An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user (regardless of privileges) can list all databases connection details and credentials.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cve@mitre.org | 7.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N | 2.8 | 4.2 |
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | vantara_pentaho_business_intelligence_server | * |
| hitachi | vantara_pentaho | * |
An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. The Security Model has different layers of Access Control. One of these layers is the applicationContext security, which is defined in the applicationContext-spring-security.xml file. The default configuration allows an unauthenticated user with no previous knowledge of the platform settings to extract pieces of information without possessing valid credentials.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cve@mitre.org | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | vantara_pentaho_business_intelligence_server | * |
| hitachi | vantara_pentaho | * |
An issue was discovered in Hitachi ID Bravura Security Fabric 11.0.0 through 11.1.3, 12.0.0 through 12.0.2, and 12.1.0. When using federated identity management (authenticating via SAML through a third-party identity provider), an attacker can inject additional data into a signed SAML response being transmitted to the service provider (ID Bravura Security Fabric). The application successfully validates the signed values but uses the unsigned malicious values. An attacker with lower-privilege access to the application can inject the username of a high-privilege user to impersonate that user.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
| cve@mitre.org | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-347,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | id_bravura_security_fabric | 12.1.0 |
| hitachi | id_bravura_security_fabric | * |
Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unauthenticated user to execute arbitrary SQL queries on any Pentaho data source and thus retrieve data from the related databases, as demonstrated by an api/repos/dashboards/editor URI.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
| cve@mitre.org | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | vantara_pentaho | * |
UploadService in Hitachi Vantara Pentaho Business Analytics through 9.1 does not properly verify uploaded user files, which allows an authenticated user to upload various files of different file types. Specifically, a .jsp file is not allowed, but a .jsp. file is allowed (and leads to remote code execution).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cve@mitre.org | 2.7 | LOW | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N | 1.2 | 1.4 |
| nvd@nist.gov | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-434,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | vantara_pentaho | * |
Cross-site Scripting (XSS) vulnerability in Hitachi Energy LinkOne allows an attacker that manages to exploit the vulnerability can take advantage to exploit multiple web attacks and stole sensitive information. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cybersecurity@hitachienergy.com | 4.2 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N | 1.6 | 2.5 |
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | linkone | 3.26 |
| hitachi | linkone | 3.20 |
| hitachi | linkone | 3.25 |
| hitachi | linkone | 3.22 |
| hitachi | linkone | 3.24 |
| hitachi | linkone | 3.23 |
Hitachi Energy LinkOne product, has a vulnerability due to a web server misconfiguration, that enables debug mode and reveals the full path of the filesystem directory when an attacker generates errors during a query operation. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
| cybersecurity@hitachienergy.com | 3.7 | LOW | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N | 2.2 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-209,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | linkone | 3.26 |
| hitachi | linkone | 3.20 |
| hitachi | linkone | 3.25 |
| hitachi | linkone | 3.22 |
| hitachi | linkone | 3.24 |
| hitachi | linkone | 3.23 |
Configuration vulnerability in Hitachi Energy LinkOne application due to the lack of HTTP Headers, allows an attacker that manages to exploit this vulnerability to retrieve sensitive information. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
| cybersecurity@hitachienergy.com | 3.7 | LOW | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N | 2.2 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | linkone | 3.26 |
| hitachi | linkone | 3.20 |
| hitachi | linkone | 3.25 |
| hitachi | linkone | 3.22 |
| hitachi | linkone | 3.24 |
| hitachi | linkone | 3.23 |
Information Exposure vulnerability in Hitachi Energy LinkOne application, due to a misconfiguration in the ASP server exposes server and ASP.net information, an attacker that manages to exploit this vulnerability can use the exposed information as a reconnaissance for further exploitation. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cybersecurity@hitachienergy.com | 3.7 | LOW | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N | 2.2 | 1.4 |
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | linkone | 3.26 |
| hitachi | linkone | 3.20 |
| hitachi | linkone | 3.25 |
| hitachi | linkone | 3.22 |
| hitachi | linkone | 3.24 |
| hitachi | linkone | 3.23 |
Hitachi Content Platform Anywhere (HCP-AW) 4.4.5 and later allows information disclosure. If authenticated user creates a link to a file or folder while the system was running version 4.3.x or earlier and then shares the link and then later deletes the file or folder without deleting the link and before the link expires. If the system has been upgraded to version 4.4.5 or 4.5.0 a malicious user with the link could browse and download all files of the authenticated user that created the link .
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
| cve@mitre.org | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-552,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | content_platform_anywhere | * |
A vulnerability classified as problematic has been found in Webdetails cpf up to 9.5.0.0-80. Affected is an unknown function of the file core/src/main/java/pt/webdetails/cpf/packager/DependenciesPackage.java. The manipulation of the argument baseUrl leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 9.5.0.0-81 is able to address this issue. The name of the patch is 3bff900d228e8cae3af256b447c5d15bdb03c174. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216468.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | community_plugin_framework | * |
A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 does not cascade the hidden property to the children of the Home folder. This directory listing provides an attacker with the complete index of all the resources located inside the directory.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security.vulnerabilities@hitachivantara.com | 5.0 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N | 3.1 | 1.4 |
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | vantara_pentaho | * |
Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.2 and 8.3.0.25 with the Data Lineage feature enabled transmits database passwords in clear text. The transmission of sensitive data in clear text allows unauthorized actors with access to the network to sniff and obtain sensitive information that can be later used to gain unauthorized access.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security.vulnerabilities@hitachivantara.com | 7.7 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H | 2.2 | 5.5 |
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | vantara_pentaho | * |
Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 using the Pentaho Analyzer plugin exposes a service endpoint for templates which allows a user-supplied path to access resources that are out of bounds. The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. By using special elements such as ".." and "/" separators, attackers can escape outside of the restricted location to access files or directories that are elsewhere on the system.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
| security.vulnerabilities@hitachivantara.com | 7.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N | 2.8 | 4.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | vantara_pentaho | * |
Incorrect Privilege Assignment vulnerability in Hitachi Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation.This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.0.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
| hirt@hitachi.co.jp | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H | 1.2 | 4.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | storage_plug-in | 04.8.0 |
Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Analyzer on Linux (Virtual Strage Software Agent component) allows local users to gain sensitive information. This issue affects Hitachi Ops Center Analyzer: from 10.8.1-00 before 10.9.0-00
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
| hirt@hitachi.co.jp | 6.6 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L | 1.8 | 4.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | ops_center_analyzer | * |
A vulnerability exists in the IEC 61850 communication stack that affects multiple Hitachi Energy products. An attacker could exploit the vulnerability by using a specially crafted message sequence, to force the IEC 61850 MMS-server communication stack, to stop accepting new MMS-client connections. Already existing/established client-server connections are not affected. List of affected CPEs: * cpe:2.3:o:hitachienergy:fox61x_tego1:r15b08:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:fox61x_tego1:r2a16_3:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:fox61x_tego1:r2a16:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:fox61x_tego1:r1e01:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:fox61x_tego1:r1d02:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:fox61x_tego1:r1c07:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:fox61x_tego1:r1b02:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:gms600:1.3.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.1.*:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.5.*:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0.1:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.2:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.8.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.0.*:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.4:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.5:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.*:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.4:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.4.1:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:mms:2.2.3:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:pwc600:1.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:pwc600:1.1:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:pwc600:1.2:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:reb500:7:*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:reb500:8:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion670:1.2.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion670:2.0.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion650:1.1.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion650:1.3.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion650:2.1.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion670:2.1.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relionSAM600-IO:2.2.1:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relionSAM600-IO:2.2.5:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion670:2.2.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion650:2.2.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:rtu500cmu:12.*.*:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:rtu500cmu:13.*.*:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:txpert_hub_coretec_4:2.*:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:txpert_hub_coretec_4:3.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:txpert_hub_coretec_5:3.0:*:*:*:*:*:*:*
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
| cybersecurity@hitachienergy.com | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.2 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | relion_670_firmware | 2.2.2 |
| abb | fox615_tego1_firmware | r1e01 |
| hitachi | relion_670_firmware | 2.2.5 |
| abb | fox615_tego1_firmware | r1d02 |
| hitachi | relion_650_firmware | 2.2.5 |
| abb | fox615_tego1_firmware | r15b08 |
| hitachi | itt600_sa_explorer | 2.0.2 |
| hitachi | itt600_sa_explorer | 2.0.5.0 |
| hitachi | relion_670_firmware | 2.1 |
| hitachi | gms600_firmware | 1.3.0 |
| abb | rtu500_firmware | * |
| hitachi | relion_650_firmware | 2.2.4 |
| hitachi | itt600_sa_explorer | 1.1.1 |
| hitachi | itt600_sa_explorer | 2.0.4.1 |
| hitachi | pwc600_firmware | 1.2 |
| hitachi | relion_670_firmware | 2.2.3 |
| hitachi | relion_650_firmware | 2.2.0 |
| hitachi | relion_650_firmware | 2.2.2 |
| hitachi | itt600_sa_explorer | 1.7.0 |
| hitachi | pwc600_firmware | 1.1 |
| hitachi | relion_650_firmware | 2.1 |
| hitachi | itt600_sa_explorer | 1.5.1 |
| hitachi | itt600_sa_explorer | 1.1.0 |
| abb | txpert_hub_coretec_5_firmware | 3.0.0 |
| abb | modular_switchgear_monitoring_firmware | * |
| hitachi | itt600_sa_explorer | 2.0.5.4 |
| hitachi | itt600_sa_explorer | 1.6.0.1 |
| abb | fox615_tego1_firmware | r2b16 |
| hitachi | relion_670_firmware | 2.2.1 |
| hitachi | relion_sam600-io_firmware | 2.2.1 |
| hitachi | itt600_sa_explorer | 1.7.2 |
| hitachi | relion_650_firmware | 2.2.3 |
| hitachi | relion_670_firmware | 1.2 |
| hitachi | itt600_sa_explorer | 1.5.0 |
| abb | fox615_tego1_firmware | r2b16_03 |
| hitachi | pwc600_firmware | 1.0 |
| hitachi | itt600_sa_explorer | 2.0.1 |
| hitachi | relion_670_firmware | 2.0 |
| abb | sys600_firmware | * |
| hitachi | itt600_sa_explorer | 2.0.3 |
| hitachi | relion_670_firmware | 2.2.4 |
| hitachi | relion_650_firmware | 1.1 |
| abb | fox615_tego1_firmware | r1b02 |
| abb | fox615_tego1_firmware | r1c07 |
| abb | txpert_hub_coretec_4_firmware | * |
| abb | rtu500_firmware | 13.4.1 |
| hitachi | relion_650_firmware | 2.2.1 |
| abb | reb500_firmware | * |
| hitachi | itt600_sa_explorer | 2.1.0.4 |
| hitachi | itt600_sa_explorer | 2.1.0.5 |
| hitachi | itt600_sa_explorer | 1.6.0 |
| hitachi | itt600_sa_explorer | 1.8.0 |
| hitachi | relion_670_firmware | 2.2.0 |
| hitachi | relion_650_firmware | 1.3 |
| hitachi | itt600_sa_explorer | 1.1.2 |
| hitachi | relion_sam600-io_firmware | 2.2.5 |
Generation of Error Message Containing Sensitive Information vulnerability in Hitachi JP1/Automatic Operation allows local users to gain sensitive information. This issue affects JP1/Automatic Operation: from 10-00 through 10-54-03, from 11-00 before 11-51-09, from 12-00 before 12-60-01.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| hirt@hitachi.co.jp | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 1.8 | 1.4 |
| nvd@nist.gov | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 1.8 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | jp1/automatic_operation | 11-50 |
| hitachi | jp1/automatic_operation | 12-60 |
| hitachi | jp1/automatic_operation | * |
| hitachi | jp1/automatic_operation | 10-01 |
| hitachi | jp1/automatic_operation | 10-11 |
| hitachi | jp1/automatic_operation | 10-51 |
| hitachi | jp1/automatic_operation | 10-50 |
| hitachi | jp1/automatic_operation | 10-02 |
Information Exposure Through an Error Message vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to gain sensitive information. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows; 02.05.00 versions prior to 02.05.01 on Windows and Docker.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| hirt@hitachi.co.jp | 9.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H | 2.3 | 6.0 |
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | raid_manager_storage_replication_adapter | 02.05.00 |
| hitachi | raid_manager_storage_replication_adapter | * |
OS Command Injection vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to execute arbitrary OS commands. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows; 02.05.00 versions prior to 02.05.01 on Windows and Docker.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| hirt@hitachi.co.jp | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | raid_manager_storage_replication_adapter | 02.05.00 |
| hitachi | raid_manager_storage_replication_adapter | * |
An improper authentication for critical function issue in Hitachi Kokusai Electric Network products for monitoring system (Camera, Decoder and Encoder) and bellow allows attckers to remotely reboot the device via a crafted POST request to the endpoint /ptipupgrade.cgi. Security information ID hitachi-sec-2022-001 contains fixes for the issue.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | hc-ip9100hd_firmware | * |
Hitachi Kokusai Electric Newtork products for monitoring system (Camera, Decoder and Encoder) and below allows attckers to perform a directory traversal via a crafted GET request to the endpoint /ptippage.cgi. Security information ID hitachi-sec-2022-001 contains fixes for the issue.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | hc-ip9100hd_firmware | * |
Incorrect Default Permissions vulnerability in Hitachi Ops Center Analyzer on Windows (Hitachi Ops Center Analyzer RAID Agent component) allows local users to read and write specific files.This issue affects Hitachi Ops Center Analyzer: from 10.9.0-00 before 10.9.0-01.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 1.8 | 5.2 |
| hirt@hitachi.co.jp | 7.3 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N | 2.0 | 4.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | ops_center_analyzer | * |
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of the Community Dashboard Editor (CDE) plugin.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security.vulnerabilities@hitachivantara.com | 6.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | 2.8 | 3.4 |
| nvd@nist.gov | 6.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | 2.8 | 3.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | vantara_pentaho_business_analytics_server | * |
| hitachi | vantara_pentaho_business_analytics_server | 9.4.0.0 |
Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.1.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | storage_plug-in | 04.8.0 |
| hitachi | storage_plug-in | 04.9.0 |
Expression Language Injection vulnerability in Hitachi Replication Manager on Windows, Linux, Solaris allows Code Injection.This issue affects Hitachi Replication Manager: before 8.8.5-02.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| hirt@hitachi.co.jp | 7.3 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | 3.9 | 3.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | replication_manager | * |
Server-Side Request Forgery (SSRF) vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Data Center Analytics, Analytics probe components), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe components) allows Server Side Request Forgery. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
| hirt@hitachi.co.jp | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | ops_center_viewpoint | * |
| hitachi | ops_center_analyzer | * |
| hitachi | infrastructure_analytics_advisor | * |
Insertion of Sensitive Information into Temporary File vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer probe component) allows local users to gain sensitive information. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | ops_center_analyzer | * |
| hitachi | infrastructure_analytics_advisor | * |
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
| security.vulnerabilities@hitachivantara.com | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | vantara_pentaho_business_analytics_server | * |
| hitachi | vantara_pentaho_business_analytics_server | 9.4.0.0 |
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x, using the Pentaho Data Access plugin exposes a service endpoint for CSV import which allows a user supplied path to access resources that are out of bounds.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
| security.vulnerabilities@hitachivantara.com | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | vantara_pentaho_business_analytics_server | * |
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x with the Big Data Plugin expose the username and password of clusters in clear text into system logs.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
| security.vulnerabilities@hitachivantara.com | 3.8 | LOW | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N | 1.2 | 2.5 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | vantara_pentaho_business_analytics_server | * |
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x is installed with a sample HSQLDB data source configured with stored procedures enabled.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
| security.vulnerabilities@hitachivantara.com | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | vantara_pentaho_business_analytics_server | * |
| hitachi | vantara_pentaho_business_analytics_server | 9.4.0.0 |
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of Pentaho Reports (*.prpt) through the JVM script manager.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security.vulnerabilities@hitachivantara.com | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | vantara_pentaho_business_analytics_server | * |
| hitachi | vantara_pentaho_business_analytics_server | 9.4.0.0 |
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be circumvented.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security.vulnerabilities@hitachivantara.com | 8.6 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H | 3.9 | 4.7 |
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | vantara_pentaho_business_analytics_server | * |
| hitachi | vantara_pentaho_business_analytics_server | 9.4.0.0 |
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly perform an authorization check in the data source management service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security.vulnerabilities@hitachivantara.com | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | vantara_pentaho_business_analytics_server | * |
| hitachi | vantara_pentaho_business_analytics_server | 9.4.0.0 |
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity Reference.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security.vulnerabilities@hitachivantara.com | 7.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L | 2.8 | 4.2 |
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | vantara_pentaho_business_analytics_server | * |
| hitachi | vantara_pentaho_business_analytics_server | 9.4.0.0 |
Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.9.0 before 04.9.1.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | storage_plug-in | 04.8.0 |
| hitachi | storage_plug-in | 04.9.0 |
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the target path on host when a file is uploaded with an invalid character in its name.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security.vulnerabilities@hitachivantara.com | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | vantara_pentaho_business_analytics_server | * |
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the full parametrized SQL query in an error message when an invalid character is used within a Pentaho Report (*.prpt).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security.vulnerabilities@hitachivantara.com | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | vantara_pentaho_business_analytics_server | * |
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow a malicious URL to inject content into the Pentaho User Console through session variables.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
| security.vulnerabilities@hitachivantara.com | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N | 2.8 | 2.5 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | vantara_pentaho_business_analytics_server | * |
| hitachi | vantara_pentaho_business_analytics_server | 9.4.0.0 |
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x deserialize untrusted JSON data without constraining the parser to approved classes and methods.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security.vulnerabilities@hitachivantara.com | 8.0 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 2.1 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | vantara_pentaho | * |
| hitachi | vantara_pentaho_business_analytics_server | * |
| hitachi | vantara_pentaho_business_analytics_server | 9.4.0.0 |
Improper Certificate Validation vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component) allows Man in the Middle Attack.This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.1-00.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| hirt@hitachi.co.jp | 8.6 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L | 3.9 | 4.7 |
| nvd@nist.gov | 8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.2 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | ops_center_analyzer | * |
| hitachi | infrastructure_analytics_advisor | * |
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x expose dashboard prompts to users who are not part of the authorization list.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security.vulnerabilities@hitachivantara.com | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | vantara_pentaho | * |
| hitachi | vantara_pentaho_business_analytics_server | * |
| hitachi | vantara_pentaho_business_analytics_server | 9.4.0.0 |
Insufficient Logging vulnerability in Hitachi HiRDB Server, HiRDB Server With Addtional Function, HiRDB Structured Data Access Facility.This issue affects HiRDB Server: before 09-60-39, before 09-65-23, before 09-66-17, before 10-01-10, before 10-03-12, before 10-04-06, before 10-05-06, before 10-06-02; HiRDB Server With Addtional Function: before 09-60-2M, before 09-65-/W , before 09-66-/Q ; HiRDB Structured Data Access Facility: before 09-60-39, before 10-03-12, before 10-04-06, before 10-06-02.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 |
| hirt@hitachi.co.jp | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N | 1.6 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | hirdb_structured_data_access_facility | * |
| hitachi | hirdb_server | * |
| hitachi | hirdb_server_with_additional_function | * |
Cross-site Scripting vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component) allows Reflected XSS.This issue affects Hitachi Ops Center Analyzer: from 10.9.1-00 before 10.9.2-00.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| hirt@hitachi.co.jp | 7.6 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N | 2.3 | 4.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | ops_center_analyzer | 10.9.1-00 |
Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Administrator on Linux allows local users to gain sensitive information.This issue affects Hitachi Ops Center Administrator: before 10.9.3-00.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
| hirt@hitachi.co.jp | 6.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N | 2.0 | 4.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | ops_center_administrator | * |
Cleartext Transmission of Sensitive Information vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows Interception.This issue affects Hitachi Device Manager: before 8.8.5-02.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| hirt@hitachi.co.jp | 9.0 | CRITICAL | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H | 2.2 | 6.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | device_manager | * |
Improper Validation of Certificate with Host Mismatch vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows Man in the Middle Attack.This issue affects Hitachi Device Manager: before 8.8.5-02.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| hirt@hitachi.co.jp | 5.6 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L | 2.2 | 3.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | device_manager | * |
Incorrect Default Permissions vulnerability in Hitachi JP1/Performance Management on Windows allows File Manipulation.This issue affects JP1/Performance Management - Manager: from 09-00 before 12-50-07; JP1/Performance Management - Base: from 09-00 through 10-50-*; JP1/Performance Management - Agent Option for Application Server: from 11-00 before 11-50-16; JP1/Performance Management - Agent Option for Enterprise Applications: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for HiRDB: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for IBM Lotus Domino: from 10-00 before 11-50-16; JP1/Performance Management - Agent Option for Microsoft(R) Exchange Server: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for Microsoft(R) Internet Information Server: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for Microsoft(R) SQL Server: from 09-00 before 12-50-07; JP1/Performance Management - Agent Option for Oracle: from 09-00 before 12-10-08; JP1/Performance Management - Agent Option for Platform: from 09-00 before 12-50-07; JP1/Performance Management - Agent Option for Service Response: from 09-00 before 11-50-16; JP1/Performance Management - Agent Option for Transaction System: from 11-00 before 12-00-14; JP1/Performance Management - Remote Monitor for Microsoft(R) SQL Server: from 09-00 before 12-50-07; JP1/Performance Management - Remote Monitor for Oracle: from 09-00 before 12-10-08; JP1/Performance Management - Remote Monitor for Platform: from 09-00 before 12-10-08; JP1/Performance Management - Remote Monitor for Virtual Machine: from 10-00 before 12-50-07; JP1/Performance Management - Agent Option for Domino: from 09-00 through 09-00-*; JP1/Performance Management - Agent Option for IBM WebSphere Application Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for IBM WebSphere MQ: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for JP1/AJS3: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for OpenTP1: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for Oracle WebLogic Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for uCosminexus Application Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for Virtual Machine: from 09-00 through 09-01-*.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| hirt@hitachi.co.jp | 8.4 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.5 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | jp1/performance_management | - |
** UNSUPPORTED WHEN ASSIGNED ** Out-of-bounds Write vulnerability in Hitachi EH-VIEW (KeypadDesigner) allows local attackers to potentially execute arbitray code on affected EH-VIEW installations. User interaction is required to exploit the vulnerabilities in that the user must open a malicious file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| hirt@hitachi.co.jp | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | eh-view | - |
Hitachi Vantara Pentaho Data Integration & Analytics versions before 9.5.0.1 and 9.3.0.5, including 8.3.x does not restrict JNDI identifiers during the creation of XActions, allowing control of system level data sources.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security.vulnerabilities@hitachivantara.com | 8.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N | 3.1 | 4.7 |
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | pentaho_data_integration_and_analytics | * |
Allocation of Resources Without Limits or Throttling vulnerability in Hitachi Ops Center Common Services on Linux allows DoS.This issue affects Hitachi Ops Center Common Services: before 10.9.3-00.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
| hirt@hitachi.co.jp | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.9 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | ops_center_common_services | * |
** UNSUPPORTED WHEN ASSIGNED ** Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hitachi EH-VIEW (KeypadDesigner) allows local attackers to potentially disclose information and execute arbitray code on affected EH-VIEW installations. User interaction is required to exploit the vulnerabilities in that the user must open a malicious file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| hirt@hitachi.co.jp | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | eh-view | - |
** UNSUPPORTED WHEN ASSIGNED ** Out-of-bounds Write vulnerability in Hitachi EH-VIEW (Designer) allows local attackers to potentially execute arbitray code on affected EH-VIEW installations. User interaction is required to exploit the vulnerabilities in that the user must open a malicious file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| hirt@hitachi.co.jp | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | eh-view | - |
** UNSUPPORTED WHEN ASSIGNED ** Out-of-bounds Read vulnerability in Hitachi EH-VIEW (Designer) allows local attackers to potentially disclose information on affected EH-VIEW installations. User interaction is required to exploit the vulnerabilities in that the user must open a malicious file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
| hirt@hitachi.co.jp | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | eh-view | - |
Missing Password Field Masking vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Agent component).This issue affects Hitachi Device Manager: before 8.8.5-04.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| hirt@hitachi.co.jp | 4.6 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 0.9 | 3.6 |
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | device_manager | * |
Generation of Error Message Containing Sensitive Information vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Agent modules).This issue affects Hitachi Device Manager: before 8.8.5-04.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| hirt@hitachi.co.jp | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | device_manager | * |
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.6, including 9.5.x and 8.3.x, display the version of Tomcat when a server error is encountered.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security.vulnerabilities@hitachivantara.com | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | vantara_pentaho_data_integration_and_analytics | * |
SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in a Storage administrative role are able to access HNAS configuration backup and diagnostic data, that would normally be barred to that specific administrative role.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
| security.vulnerabilities@hitachivantara.com | 7.6 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L | 2.8 | 4.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | vantara_hitachi_network_attached_storage | * |
Incorrect Default Permissions vulnerability in Hitachi Tuning Manager on Windows (Hitachi Tuning Manager server component) allows local users to read and write specific files.This issue affects Hitachi Tuning Manager: before 8.8.5-04.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 1.8 | 5.2 |
| hirt@hitachi.co.jp | 6.6 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H | 1.8 | 4.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | tuning_manager | * |
SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in Storage, Server or combined Server+Storage administrative roles are able to access SMU configuration backup, that would normally be barred to those specific administrative roles.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
| security.vulnerabilities@hitachivantara.com | 7.6 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L | 2.8 | 4.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | system_management_unit_firmware | * |
Expression Language Injection vulnerability in Hitachi Global Link Manager on Windows allows Code Injection.This issue affects Hitachi Global Link Manager: before 8.8.7-03.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| hirt@hitachi.co.jp | 7.6 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H | 2.8 | 4.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | global_link_manager | * |
Incorrect Default Permissions vulnerability in Hitachi Storage Plug-in for VMware vCenter allows local users to read and write specific files. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.0.0 through 04.9.2.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| hirt@hitachi.co.jp | 7.9 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L | 2.0 | 5.3 |
| nvd@nist.gov | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 1.8 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | storage_plug-in | * |
Incorrect Default Permissions, Improper Preservation of Permissions vulnerability in Hitachi Ops Center Common Services allows File Manipulation.This issue affects Hitachi Ops Center Common Services: before 11.0.2-00.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| hirt@hitachi.co.jp | 5.1 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N | 2.5 | 2.5 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | ops_center_common_services | * |
Hitachi Vantara Pentaho Business Analytics Server versions before 10.1.0.0 and 9.3.0.7, including 8.3.x do not correctly protect the ACL service endpoint of the Pentaho User Console against XML External Entity Reference.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security.vulnerabilities@hitachivantara.com | 7.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H | 2.8 | 4.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | pentaho_business_analytics_server | * |
Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x allow a malicious URL to inject content into the Analyzer plugin interface.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security.vulnerabilities@hitachivantara.com | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L | 2.8 | 5.3 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | business_analytics_server | * |
Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x allow a malicious URL to inject content into the Analyzer plugin interface.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security.vulnerabilities@hitachivantara.com | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L | 2.8 | 5.3 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | pentaho_business_analytics_server | * |
Expression Language Injection vulnerability in Hitachi Tuning Manager on Windows, Linux, Solaris allows Code Injection.This issue affects Hitachi Tuning Manager: before 8.8.7-00.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| hirt@hitachi.co.jp | 8.6 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H | 3.9 | 4.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | tuning_manager | * |
Authentication Bypass vulnerability in Hitachi Ops Center Common Services.This issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.2-01.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| hirt@hitachi.co.jp | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | ops_center_common_services | * |
Information Exposure Vulnerability in Hitachi Ops Center API Configuration Manager, Hitachi Configuration Manager.This issue affects Hitachi Ops Center API Configuration Manager: from 10.0.0-00 before 11.0.4-00; Hitachi Configuration Manager: from 8.6.1-00 before 11.0.5-00.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| hirt@hitachi.co.jp | 4.7 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.0 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | ops_center_api_configuration_manager | * |
| hitachi | configuration_manager | * |
Information Exposure Vulnerability in Hitachi Ops Center API Configuration Manager, Hitachi Configuration Manager, Hitachi Device Manager allows Session Hijacking.This issue affects Hitachi Ops Center API Configuration Manager: from 10.0.0-00 before 11.0.5-00; Hitachi Configuration Manager: from 8.5.1-00 before 11.0.5-00; Hitachi Device Manager: from 8.4.1-00 before 8.6.5-00.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| hirt@hitachi.co.jp | 5.2 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N | 2.0 | 2.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | device_manager | * |
| hitachi | ops_center_api_configuration_manager | * |
| hitachi | configuration_manager | * |
Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows.This issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| hirt@hitachi.co.jp | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | job_management_partner_1/it_desktop_management-manager | * |
| hitachi | jp1/it_desktop_management_2-operations_director | * |
| hitachi | jp1/netm/dm_manager | * |
| hitachi | jp1/it_desktop_management_2-manager | * |
| hitachi | jp1/netm/dm_client | * |
Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows.This issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| hirt@hitachi.co.jp | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hitachi | job_management_partner_1/it_desktop_management-manager | * |
| hitachi | jp1/it_desktop_management_2-operations_director | * |
| hitachi | jp1/netm/dm_manager | * |
| hitachi | jp1/it_desktop_management_2-manager | * |
| hitachi | jp1/netm/dm_client | * |