VAR-201306-0417
Vulnerability from variot - Updated: 2022-05-17 01:46When malicious data is viewed, it can obtain sensitive information of the target user or hijack user sessions. Hitachi Device Manager Software, Hitachi Tiered Storage Manager Software, Hitachi Tuning Manager Software, and Hitachi Compute Systems Manager Software are all integrated software products of Hitachi Command Suite. Hitachi Command Suite is a unified management storage system of Hitachi (HITACHI), which provides storage management functions such as storage resource management, tiered storage management, performance and service level management. An HTML injection vulnerability exists in several Hitachi Command Suite products. The vulnerability stems from the program's failure to validate user-submitted input. An attacker can use this vulnerability to run HTML or JavaScript code provided by the attacker in the context of the affected site. It can steal cookie-based authentication and control how the site is presented to the user. There may also be other forms of attacks. Vulnerabilities exist in the following products: Hitachi Device Manager Software versions prior to 7.5.0-02, Hitachi Tiered Storage Manager Software versions prior to 7.5.0-02, Hitachi Tuning Manager Software versions prior to 7.5.0-02, Hitachi Compute Systems Manager Software versions prior to 7.5.0-00
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201306-0417",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "device manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "7.x"
},
{
"model": "tiered storage manager",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "7.x"
},
{
"model": "tuning manager",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "7.x"
},
{
"model": "compute systems manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "7.x"
},
{
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.0-00"
},
{
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.1.1-00"
},
{
"model": "device manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.0-00"
},
{
"model": "compute systems manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.4.1-00"
},
{
"model": "tuning manager software",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.5.0-02"
},
{
"model": "tiered storage manager software",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.5.0-02"
},
{
"model": "device manager software",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.5.0-02"
},
{
"model": "compute systems manager software",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.5.0-00"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-07954"
},
{
"db": "BID",
"id": "60667"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "60667"
}
],
"trust": 0.3
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2013-07954",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2013-07954",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-07954"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "When malicious data is viewed, it can obtain sensitive information of the target user or hijack user sessions. Hitachi Device Manager Software, Hitachi Tiered Storage Manager Software, Hitachi Tuning Manager Software, and Hitachi Compute Systems Manager Software are all integrated software products of Hitachi Command Suite. Hitachi Command Suite is a unified management storage system of Hitachi (HITACHI), which provides storage management functions such as storage resource management, tiered storage management, performance and service level management. \nAn HTML injection vulnerability exists in several Hitachi Command Suite products. The vulnerability stems from the program\u0027s failure to validate user-submitted input. An attacker can use this vulnerability to run HTML or JavaScript code provided by the attacker in the context of the affected site. It can steal cookie-based authentication and control how the site is presented to the user. There may also be other forms of attacks. Vulnerabilities exist in the following products: Hitachi Device Manager Software versions prior to 7.5.0-02, Hitachi Tiered Storage Manager Software versions prior to 7.5.0-02, Hitachi Tuning Manager Software versions prior to 7.5.0-02, Hitachi Compute Systems Manager Software versions prior to 7.5.0-00",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-07954"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-441"
},
{
"db": "BID",
"id": "60667"
}
],
"trust": 1.35
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "60667",
"trust": 1.5
},
{
"db": "HITACHI",
"id": "HS13-014",
"trust": 0.9
},
{
"db": "SECUNIA",
"id": "53860",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2013-07954",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201306-441",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-07954"
},
{
"db": "BID",
"id": "60667"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-441"
}
]
},
"id": "VAR-201306-0417",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-07954"
}
],
"trust": 1.03539715
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-07954"
}
]
},
"last_update_date": "2022-05-17T01:46:36.085000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Unknown script injection vulnerability in Hitachi multiple products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/34784"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-07954"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.9,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs13-014/index.html"
},
{
"trust": 0.6,
"url": "http://www.secunia.com/advisories/53860/"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/60667"
},
{
"trust": 0.3,
"url": "http://www.hds.com/products/storage-software/hitachi-device-manager.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-07954"
},
{
"db": "BID",
"id": "60667"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-441"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-07954"
},
{
"db": "BID",
"id": "60667"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-441"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-06-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-07954"
},
{
"date": "2013-06-17T00:00:00",
"db": "BID",
"id": "60667"
},
{
"date": "2013-06-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201306-441"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-06-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-07954"
},
{
"date": "2013-06-17T00:00:00",
"db": "BID",
"id": "60667"
},
{
"date": "2013-07-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201306-441"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201306-441"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown script injection vulnerability in Hitachi multiple products",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-07954"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201306-441"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…