Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for TRMTracker by Hitachi Energy

    CVE-2025-27633 (GCVE-0-2025-27633)

    Vulnerability from nvd – Published: 2025-03-25 12:40 – Updated: 2025-03-25 13:09
    VLAI
    Summary
    The TRMTracker web application is vulnerable to reflected Cross-site scripting attack. The application allows client-side code injection that might be used to compromise the confidentiality and integrity of the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Hitachi Energy TRMTracker Affected: 6.2 , ≤ 6.2.04 (custom)
    Affected: 6.3 , ≤ 6.3.01 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27633",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-25T13:09:06.568026Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-25T13:09:15.804Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TRMTracker",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "lessThanOrEqual": "6.2.04",
                  "status": "affected",
                  "version": "6.2",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "6.3.01",
                  "status": "affected",
                  "version": "6.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The TRMTracker web application is vulnerable to reflected Cross-site scripting attack. The application allows client-side code injection that might be used to compromise the confidentiality and integrity of the system."
                }
              ],
              "value": "The TRMTracker web application is vulnerable to reflected Cross-site scripting attack. The application allows client-side code injection that might be used to compromise the confidentiality and integrity of the system."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-591",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-591 Reflected XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-25T12:40:37.667Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000210\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2025-27633",
        "datePublished": "2025-03-25T12:40:37.667Z",
        "dateReserved": "2025-03-04T11:40:47.755Z",
        "dateUpdated": "2025-03-25T13:09:15.804Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-27632 (GCVE-0-2025-27632)

    Vulnerability from nvd – Published: 2025-03-25 12:37 – Updated: 2025-10-24 12:10
    VLAI
    Summary
    A Host Header Injection vulnerability in TRMTracker application may allow an attacker by modifying the host header value in an HTTP request to leverage multiple attack vectors, including defacing the site content through web-cache poisoning.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-644 - Improper Neutralization of HTTP Headers for Scripting Syntax
    Assigner
    References
    Impacted products
    Vendor Product Version
    Hitachi Energy TRMTracker Affected: 6.2 , ≤ 6.2.04 (custom)
    Affected: 6.3 , ≤ 6.3.01 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27632",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-25T13:10:29.615743Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-25T13:10:39.102Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TRMTracker",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "lessThanOrEqual": "6.2.04",
                  "status": "affected",
                  "version": "6.2",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "6.3.01",
                  "status": "affected",
                  "version": "6.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Host Header Injection vulnerability in TRMTracker application may allow an attacker by modifying the host header value in an HTTP request to leverage multiple attack vectors, including defacing the site content through web-cache poisoning."
                }
              ],
              "value": "A Host Header Injection vulnerability in TRMTracker application may allow an attacker by modifying the host header value in an HTTP request to leverage multiple attack vectors, including defacing the site content through web-cache poisoning."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-6",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-6 Argument Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-644",
                  "description": "CWE-644 Improper Neutralization of HTTP Headers for Scripting Syntax",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-24T12:10:40.967Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000210\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2025-27632",
        "datePublished": "2025-03-25T12:37:30.114Z",
        "dateReserved": "2025-03-04T11:40:47.755Z",
        "dateUpdated": "2025-10-24T12:10:40.967Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-27631 (GCVE-0-2025-27631)

    Vulnerability from nvd – Published: 2025-03-25 12:46 – Updated: 2025-03-25 13:07
    VLAI
    Summary
    The TRMTracker web application is vulnerable to LDAP injection attack potentially allowing an attacker to inject code into a query and execute remote commands that can read and update data on the website.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-90 - Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Hitachi Energy TRMTracker Affected: 6.2 , ≤ 6.2.04 (custom)
    Affected: 6.3 , ≤ 6.3.01 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27631",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-25T13:07:38.216323Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-25T13:07:52.198Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TRMTracker",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "lessThanOrEqual": "6.2.04",
                  "status": "affected",
                  "version": "6.2",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "6.3.01",
                  "status": "affected",
                  "version": "6.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The TRMTracker web application is vulnerable to LDAP injection attack potentially allowing an attacker to inject code into a query and execute remote commands that can read and update data on the website.\u003cbr\u003e"
                }
              ],
              "value": "The TRMTracker web application is vulnerable to LDAP injection attack potentially allowing an attacker to inject code into a query and execute remote commands that can read and update data on the website."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-136",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-136 LDAP Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-90",
                  "description": "CWE-90: Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-25T12:46:08.184Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000210\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2025-27631",
        "datePublished": "2025-03-25T12:46:08.184Z",
        "dateReserved": "2025-03-04T11:40:47.755Z",
        "dateUpdated": "2025-03-25T13:07:52.198Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-27631 (GCVE-0-2025-27631)

    Vulnerability from cvelistv5 – Published: 2025-03-25 12:46 – Updated: 2025-03-25 13:07
    VLAI
    Summary
    The TRMTracker web application is vulnerable to LDAP injection attack potentially allowing an attacker to inject code into a query and execute remote commands that can read and update data on the website.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-90 - Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Hitachi Energy TRMTracker Affected: 6.2 , ≤ 6.2.04 (custom)
    Affected: 6.3 , ≤ 6.3.01 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27631",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-25T13:07:38.216323Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-25T13:07:52.198Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TRMTracker",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "lessThanOrEqual": "6.2.04",
                  "status": "affected",
                  "version": "6.2",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "6.3.01",
                  "status": "affected",
                  "version": "6.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The TRMTracker web application is vulnerable to LDAP injection attack potentially allowing an attacker to inject code into a query and execute remote commands that can read and update data on the website.\u003cbr\u003e"
                }
              ],
              "value": "The TRMTracker web application is vulnerable to LDAP injection attack potentially allowing an attacker to inject code into a query and execute remote commands that can read and update data on the website."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-136",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-136 LDAP Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-90",
                  "description": "CWE-90: Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-25T12:46:08.184Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000210\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2025-27631",
        "datePublished": "2025-03-25T12:46:08.184Z",
        "dateReserved": "2025-03-04T11:40:47.755Z",
        "dateUpdated": "2025-03-25T13:07:52.198Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-27633 (GCVE-0-2025-27633)

    Vulnerability from cvelistv5 – Published: 2025-03-25 12:40 – Updated: 2025-03-25 13:09
    VLAI
    Summary
    The TRMTracker web application is vulnerable to reflected Cross-site scripting attack. The application allows client-side code injection that might be used to compromise the confidentiality and integrity of the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Hitachi Energy TRMTracker Affected: 6.2 , ≤ 6.2.04 (custom)
    Affected: 6.3 , ≤ 6.3.01 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27633",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-25T13:09:06.568026Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-25T13:09:15.804Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TRMTracker",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "lessThanOrEqual": "6.2.04",
                  "status": "affected",
                  "version": "6.2",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "6.3.01",
                  "status": "affected",
                  "version": "6.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The TRMTracker web application is vulnerable to reflected Cross-site scripting attack. The application allows client-side code injection that might be used to compromise the confidentiality and integrity of the system."
                }
              ],
              "value": "The TRMTracker web application is vulnerable to reflected Cross-site scripting attack. The application allows client-side code injection that might be used to compromise the confidentiality and integrity of the system."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-591",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-591 Reflected XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-25T12:40:37.667Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000210\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2025-27633",
        "datePublished": "2025-03-25T12:40:37.667Z",
        "dateReserved": "2025-03-04T11:40:47.755Z",
        "dateUpdated": "2025-03-25T13:09:15.804Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-27632 (GCVE-0-2025-27632)

    Vulnerability from cvelistv5 – Published: 2025-03-25 12:37 – Updated: 2025-10-24 12:10
    VLAI
    Summary
    A Host Header Injection vulnerability in TRMTracker application may allow an attacker by modifying the host header value in an HTTP request to leverage multiple attack vectors, including defacing the site content through web-cache poisoning.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-644 - Improper Neutralization of HTTP Headers for Scripting Syntax
    Assigner
    References
    Impacted products
    Vendor Product Version
    Hitachi Energy TRMTracker Affected: 6.2 , ≤ 6.2.04 (custom)
    Affected: 6.3 , ≤ 6.3.01 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27632",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-25T13:10:29.615743Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-25T13:10:39.102Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TRMTracker",
              "vendor": "Hitachi Energy",
              "versions": [
                {
                  "lessThanOrEqual": "6.2.04",
                  "status": "affected",
                  "version": "6.2",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "6.3.01",
                  "status": "affected",
                  "version": "6.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Host Header Injection vulnerability in TRMTracker application may allow an attacker by modifying the host header value in an HTTP request to leverage multiple attack vectors, including defacing the site content through web-cache poisoning."
                }
              ],
              "value": "A Host Header Injection vulnerability in TRMTracker application may allow an attacker by modifying the host header value in an HTTP request to leverage multiple attack vectors, including defacing the site content through web-cache poisoning."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-6",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-6 Argument Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-644",
                  "description": "CWE-644 Improper Neutralization of HTTP Headers for Scripting Syntax",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-24T12:10:40.967Z",
            "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
            "shortName": "Hitachi Energy"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000210\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "assignerShortName": "Hitachi Energy",
        "cveId": "CVE-2025-27632",
        "datePublished": "2025-03-25T12:37:30.114Z",
        "dateReserved": "2025-03-04T11:40:47.755Z",
        "dateUpdated": "2025-10-24T12:10:40.967Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }