VAR-201406-0501
Vulnerability from variot - Updated: 2022-05-17 02:07Hitachi COBOL2002 is a COBOL running on Japanese XP.
Hitachi COBOL2002 products have errors in parsing XML entities, allowing attackers to exploit vulnerabilities through specially crafted XML documents containing references to external entities to obtain local resources or consume large amounts of server resources. Multiple Hitachi COBOL2002 Products is prone to an XML External Entity injection vulnerability. Attackers can exploit this issue to obtain potentially sensitive information or cause denial-of-service conditions. This may lead to further attacks. The following are vulnerable: COBOL2002 Net Developer COBOL2002 Net Client Suite COBOL2002 Net Client Runtime COBOL2002 Net Server Suite COBOL2002 Net Server Runtime COBOL2002 Net Developer(64) COBOL2002 Net Server Suite(64) COBOL2002 Net Server Runtime(64) COBOL2002 Developer Professional
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201406-0501",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cobol2002 net client suite",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "3.x"
},
{
"model": "cobol2002 net server suite 03-01-/a",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"model": "cobol2002 net server suite",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "03-01"
},
{
"model": "cobol2002 net server suite 03-00-/a",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"model": "cobol2002 net server suite",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "03-00"
},
{
"model": "cobol2002 net server suite 01-03-/f",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"model": "cobol2002 net developer 03-01-/a",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"model": "cobol2002 net developer",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "03-01"
},
{
"model": "cobol2002 net developer 03-00-/a",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"model": "cobol2002 net developer",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "03-00"
},
{
"model": "cobol2002 net developer 01-03-/f",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"model": "cobol2002 net client suite 01-03-/f",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"model": "cobol2002 net server suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-01(*1)"
},
{
"model": "cobol2002 net server suite 02-01-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "cobol2002 net server suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-01"
},
{
"model": "cobol2002 net server suite 02-00-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "cobol2002 net server suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-00"
},
{
"model": "cobol2002 net server suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "01-03"
},
{
"model": "cobol2002 net server suite 01-02-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "cobol2002 net server suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "01-02"
},
{
"model": "cobol2002 net server suite 01-01-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "cobol2002 net server suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "01-01"
},
{
"model": "cobol2002 net server suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "01-00"
},
{
"model": "cobol2002 net server runtime 03-01-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "cobol2002 net server runtime",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-01"
},
{
"model": "cobol2002 net server runtime 03-00-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "cobol2002 net server runtime",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00"
},
{
"model": "cobol2002 net server runtime",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-01(*1)"
},
{
"model": "cobol2002 net developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-01(*1)"
},
{
"model": "cobol2002 net developer 02-01-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "cobol2002 net developer 02-01-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "cobol2002 net developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-01"
},
{
"model": "cobol2002 net developer 02-00-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "cobol2002 net developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-00"
},
{
"model": "cobol2002 net developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "01-03"
},
{
"model": "cobol2002 net developer 01-02-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "cobol2002 net developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "01-02"
},
{
"model": "cobol2002 net developer 01-01-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "cobol2002 net developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "01-01"
},
{
"model": "cobol2002 net developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "01-00"
},
{
"model": "cobol2002 net client suite 03-01-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "cobol2002 net client suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-01"
},
{
"model": "cobol2002 net client suite 03-00-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "cobol2002 net client suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00"
},
{
"model": "cobol2002 net client suite 02-01-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "cobol2002 net client suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-01"
},
{
"model": "cobol2002 net client suite 02-00-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "cobol2002 net client suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-00"
},
{
"model": "cobol2002 net client suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "01-03"
},
{
"model": "cobol2002 net client suite 01-02-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "cobol2002 net client suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "01-02"
},
{
"model": "cobol2002 net client suite 01-01-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "cobol2002 net client suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "01-01"
},
{
"model": "cobol2002 net client suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "01-00"
},
{
"model": "cobol2002 net client runtime 03-01-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "cobol2002 net client runtime",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-01"
},
{
"model": "cobol2002 net client runtime 03-00-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "cobol2002 net client runtime",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00"
},
{
"model": "cobol2002 net client runtime 02-01-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "cobol2002 net client runtime 01-03-/e",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "cobol2002 net client runtime 01-02-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "cobol2002 developer professional 03-01-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "cobol2002 developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-01"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03738"
},
{
"db": "BID",
"id": "68016"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "68016"
}
],
"trust": 0.3
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-03738",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2014-03738",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03738"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hitachi COBOL2002 is a COBOL running on Japanese XP. \n\nHitachi COBOL2002 products have errors in parsing XML entities, allowing attackers to exploit vulnerabilities through specially crafted XML documents containing references to external entities to obtain local resources or consume large amounts of server resources. Multiple Hitachi COBOL2002 Products is prone to an XML External Entity injection vulnerability. \nAttackers can exploit this issue to obtain potentially sensitive information or cause denial-of-service conditions. This may lead to further attacks. \nThe following are vulnerable:\nCOBOL2002 Net Developer\nCOBOL2002 Net Client Suite\nCOBOL2002 Net Client Runtime\nCOBOL2002 Net Server Suite\nCOBOL2002 Net Server Runtime\nCOBOL2002 Net Developer(64)\nCOBOL2002 Net Server Suite(64)\nCOBOL2002 Net Server Runtime(64)\nCOBOL2002 Developer Professional",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03738"
},
{
"db": "BID",
"id": "68016"
}
],
"trust": 0.81
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "HITACHI",
"id": "HS14-014",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-03738",
"trust": 0.6
},
{
"db": "BID",
"id": "68016",
"trust": 0.3
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03738"
},
{
"db": "BID",
"id": "68016"
}
]
},
"id": "VAR-201406-0501",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03738"
}
],
"trust": 1.0375
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03738"
}
]
},
"last_update_date": "2022-05-17T02:07:12.887000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Hitachi COBOL2002 Product XML External Entity Processing Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/46504"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03738"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.9,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-014/index.html"
},
{
"trust": 0.3,
"url": "http://www.hitachi.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03738"
},
{
"db": "BID",
"id": "68016"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-03738"
},
{
"db": "BID",
"id": "68016"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-06-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-03738"
},
{
"date": "2014-06-10T00:00:00",
"db": "BID",
"id": "68016"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-06-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-03738"
},
{
"date": "2014-06-10T00:00:00",
"db": "BID",
"id": "68016"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "68016"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hitachi COBOL2002 Product XML External Entity Processing Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03738"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "68016"
}
],
"trust": 0.3
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…