Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Hitachi Global Link Manager by Hitachi

    CVE-2024-0715 (GCVE-0-2024-0715)

    Vulnerability from nvd – Published: 2024-02-20 01:17 – Updated: 2024-08-08 19:10
    VLAI
    Title
    EL Injection Vulnerability in Hitachi Global Link Manager
    Summary
    Expression Language Injection vulnerability in Hitachi Global Link Manager on Windows allows Code Injection.This issue affects Hitachi Global Link Manager: before 8.8.7-03.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-917 - Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Hitachi Hitachi Global Link Manager Affected: 0 , < 8.8.7-03 (custom)
    Create a notification for this product.
    hitachi global_link_manager Affected: 0 , < 8.8.7-03 (custom)
        cpe:2.3:a:hitachi:global_link_manager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:11:35.787Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-112/index.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hitachi:global_link_manager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "global_link_manager",
                "vendor": "hitachi",
                "versions": [
                  {
                    "lessThan": "8.8.7-03",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0715",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-20T18:28:11.544360Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-08T19:10:35.968Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Hitachi Global Link Manager",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "8.8.7-03",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "8.8.7-03",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Expression Language Injection vulnerability in Hitachi Global Link Manager on Windows allows Code Injection.\u003cp\u003eThis issue affects Hitachi Global Link Manager: before 8.8.7-03.\u003c/p\u003e"
                }
              ],
              "value": "Expression Language Injection vulnerability in Hitachi Global Link Manager on Windows allows Code Injection.This issue affects Hitachi Global Link Manager: before 8.8.7-03.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242 Code Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-917",
                  "description": "CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement (\u0027Expression Language Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-20T01:17:38.663Z",
            "orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
            "shortName": "Hitachi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-112/index.html"
            }
          ],
          "source": {
            "advisory": "hitachi-sec-2024-112",
            "discovery": "UNKNOWN"
          },
          "title": "EL Injection Vulnerability in Hitachi Global Link Manager",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
        "assignerShortName": "Hitachi",
        "cveId": "CVE-2024-0715",
        "datePublished": "2024-02-20T01:17:38.663Z",
        "dateReserved": "2024-01-19T07:07:17.235Z",
        "dateUpdated": "2024-08-08T19:10:35.968Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-0715 (GCVE-0-2024-0715)

    Vulnerability from cvelistv5 – Published: 2024-02-20 01:17 – Updated: 2024-08-08 19:10
    VLAI
    Title
    EL Injection Vulnerability in Hitachi Global Link Manager
    Summary
    Expression Language Injection vulnerability in Hitachi Global Link Manager on Windows allows Code Injection.This issue affects Hitachi Global Link Manager: before 8.8.7-03.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-917 - Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Hitachi Hitachi Global Link Manager Affected: 0 , < 8.8.7-03 (custom)
    Create a notification for this product.
    hitachi global_link_manager Affected: 0 , < 8.8.7-03 (custom)
        cpe:2.3:a:hitachi:global_link_manager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:11:35.787Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-112/index.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hitachi:global_link_manager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "global_link_manager",
                "vendor": "hitachi",
                "versions": [
                  {
                    "lessThan": "8.8.7-03",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0715",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-20T18:28:11.544360Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-08T19:10:35.968Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Hitachi Global Link Manager",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "8.8.7-03",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "8.8.7-03",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Expression Language Injection vulnerability in Hitachi Global Link Manager on Windows allows Code Injection.\u003cp\u003eThis issue affects Hitachi Global Link Manager: before 8.8.7-03.\u003c/p\u003e"
                }
              ],
              "value": "Expression Language Injection vulnerability in Hitachi Global Link Manager on Windows allows Code Injection.This issue affects Hitachi Global Link Manager: before 8.8.7-03.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242 Code Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-917",
                  "description": "CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement (\u0027Expression Language Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-20T01:17:38.663Z",
            "orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
            "shortName": "Hitachi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-112/index.html"
            }
          ],
          "source": {
            "advisory": "hitachi-sec-2024-112",
            "discovery": "UNKNOWN"
          },
          "title": "EL Injection Vulnerability in Hitachi Global Link Manager",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
        "assignerShortName": "Hitachi",
        "cveId": "CVE-2024-0715",
        "datePublished": "2024-02-20T01:17:38.663Z",
        "dateReserved": "2024-01-19T07:07:17.235Z",
        "dateUpdated": "2024-08-08T19:10:35.968Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }