ID

VAR-201102-0385


TITLE

Hitachi Tuning Manager Unknown Cross-Site Scripting Vulnerability

Trust: 1.0

sources: IVD: 94f56f40-1fa0-11e6-abef-000c29c66e3d // IVD: 7d7a45c0-463f-11e9-a941-000c29342cb1 // CNVD: CNVD-2011-0472

DESCRIPTION

Hitachi Tuning Manager is an automated, intelligent and path-aware storage resource management software that monitors, analyzes and audits the performance of storage network resources from applications to storage devices. Hitachi Tuning Manager has multiple input validation issues, and remote attackers can exploit these vulnerabilities to conduct cross-site scripting attacks, obtaining sensitive information or hijacking target user sessions. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. Hitachi Tuning Manager versions 6.0.0 through 6.4.0-01 and 7.0.0 are vulnerable.

TITLE: Hitachi Tuning Manager Cross-Site Scripting Vulnerability

SECUNIA ADVISORY ID: SA43209

VERIFY ADVISORY: http://secunia.com/advisories/43209/

RELEASE DATE: 2011-02-08

DESCRIPTION: A vulnerability has been reported in Hitachi Tuning Manager, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input is not properly sanitised before being returned to the user. The vulnerability is reported in versions 6.0.0 through 6.4.0-01 and 7.0.0 running on Windows and Solaris.

SOLUTION: Update to version 6.4.0-02 or 7.0.0-01.

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: HS11-002: http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-002/index.html

Trust: 1.26

sources: CNVD: CNVD-2011-0472 // BID: 46175 // IVD: 94f56f40-1fa0-11e6-abef-000c29c66e3d // IVD: 7d7a45c0-463f-11e9-a941-000c29342cb1 // PACKETSTORM: 98202

IOT TAXONOMY

category: ['ICS'] // sub_category: -

Trust: 1.0

sources: IVD: 94f56f40-1fa0-11e6-abef-000c29c66e3d // IVD: 7d7a45c0-463f-11e9-a941-000c29342cb1 // CNVD: CNVD-2011-0472

AFFECTED PRODUCTS

vendor: hitachi // model: tuning manager software ) // scope: eq // version: 6.401

Trust: 0.9

vendor: hitachi // model: tuning manager software ) // scope: eq // version: 6.0

Trust: 0.9

vendor: hitachi // model: tuning manager software // scope: eq // version: 6.0

Trust: 0.9

vendor: hitachi // model: tuning manager software ) // scope: eq // version: 6.1-00

Trust: 0.9

vendor: hitachi // model: tuning manager software // scope: eq // version: 6.1-00

Trust: 0.9

vendor: hitachi // model: tuning manager software ) // scope: eq // version: 6.2-00

Trust: 0.9

vendor: hitachi // model: tuning manager software // scope: eq // version: 6.2-00

Trust: 0.9

vendor: hitachi // model: tuning manager software ) // scope: eq // version: 6.2-01

Trust: 0.9

vendor: hitachi // model: tuning manager software // scope: eq // version: 6.2-01

Trust: 0.9

vendor: hitachi // model: tuning manager software // scope: eq // version: 6.401

Trust: 0.9

vendor: hitachi // model: tuning manager software ) // scope: eq // version: 7.0

Trust: 0.9

vendor: hitachi // model: tuning manager software // scope: eq // version: 7.0

Trust: 0.9

vendor: hitachi // model: tuning manager software ) // scope: eq // version: 6.401*

Trust: 0.4

vendor: hitachi // model: tuning manager software ) // scope: eq // version: 6.0*

Trust: 0.4

vendor: hitachi // model: tuning manager software // scope: eq // version: 6.0*

Trust: 0.4

vendor: hitachi // model: tuning manager software ) // scope: eq // version: 6.1-00*

Trust: 0.4

vendor: hitachi // model: tuning manager software // scope: eq // version: 6.1-00*

Trust: 0.4

vendor: hitachi // model: tuning manager software ) // scope: eq // version: 6.2-00*

Trust: 0.4

vendor: hitachi // model: tuning manager software // scope: eq // version: 6.2-00*

Trust: 0.4

vendor: hitachi // model: tuning manager software ) // scope: eq // version: 6.2-01*

Trust: 0.4

vendor: hitachi // model: tuning manager software // scope: eq // version: 6.2-01*

Trust: 0.4

vendor: hitachi // model: tuning manager software // scope: eq // version: 6.401*

Trust: 0.4

vendor: hitachi // model: tuning manager software ) // scope: eq // version: 7.0*

Trust: 0.4

vendor: hitachi // model: tuning manager software // scope: eq // version: 7.0*

Trust: 0.4

vendor: hitachi // model: tuning manager software // scope: ne // version: 7.001

Trust: 0.3

vendor: hitachi // model: tuning manager software ) // scope: ne // version: 7.001

Trust: 0.3

vendor: hitachi // model: tuning manager software // scope: ne // version: 6.402

Trust: 0.3

vendor: hitachi // model: tuning manager software ) // scope: ne // version: 6.402

Trust: 0.3

sources: IVD: 94f56f40-1fa0-11e6-abef-000c29c66e3d // IVD: 7d7a45c0-463f-11e9-a941-000c29342cb1 // CNVD: CNVD-2011-0472 // BID: 46175

CVSS

SEVERITY

CVSSV2

CVSSV3

IVD: 94f56f40-1fa0-11e6-abef-000c29c66e3d
value: LOW

Trust: 0.2

IVD: 7d7a45c0-463f-11e9-a941-000c29342cb1
value: HIGH

Trust: 0.2

IVD: 94f56f40-1fa0-11e6-abef-000c29c66e3d
severity: NONE
baseScore: NONE
vectorString: NONE
accessVector: NONE
accessComplexity: NONE
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: UNKNOWN

Trust: 0.2

IVD: 7d7a45c0-463f-11e9-a941-000c29342cb1
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 94f56f40-1fa0-11e6-abef-000c29c66e3d // IVD: 7d7a45c0-463f-11e9-a941-000c29342cb1

THREAT TYPE

network

Trust: 0.3

sources: BID: 46175

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 46175

PATCH

title: Hitachi Tuning Manager patch for unclear cross-site scripting vulnerabilities // url: https://www.cnvd.org.cn/patchinfo/show/2838

Trust: 0.6

sources: CNVD: CNVD-2011-0472

EXTERNAL IDS

db: CNVD // id: CNVD-2011-0472

Trust: 1.0

db: BID // id: 46175

Trust: 0.9

db: SECUNIA // id: 43209

Trust: 0.8

db: HITACHI // id: HS11-002

Trust: 0.4

db: IVD // id: 94F56F40-1FA0-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: IVD // id: 7D7A45C0-463F-11E9-A941-000C29342CB1

Trust: 0.2

db: PACKETSTORM // id: 98202

Trust: 0.1

sources: IVD: 94f56f40-1fa0-11e6-abef-000c29c66e3d // IVD: 7d7a45c0-463f-11e9-a941-000c29342cb1 // CNVD: CNVD-2011-0472 // BID: 46175 // PACKETSTORM: 98202

REFERENCES

url:http://secunia.com/advisories/43209/

Trust: 0.7

url:http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs11-002/index.html

Trust: 0.4

url:http://www.hitachi.com

Trust: 0.3

url:http://www.hds.com/products/storage-software/hitachi-tuning-manager.html

Trust: 0.3

url:http://secunia.com/products/corporate/evm/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=43209

Trust: 0.1

url:http://secunia.com/advisories/43209/#comments

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/products/corporate/vim/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: CNVD: CNVD-2011-0472 // BID: 46175 // PACKETSTORM: 98202

CREDITS

Reported by the vendor

Trust: 0.3

sources: BID: 46175

SOURCES

db: IVD // id: 94f56f40-1fa0-11e6-abef-000c29c66e3d
db: IVD // id: 7d7a45c0-463f-11e9-a941-000c29342cb1
db: CNVD // id: CNVD-2011-0472
db: BID // id: 46175
db: PACKETSTORM // id: 98202

LAST UPDATE DATE

2022-05-17T01:37:52.239000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2011-0472 // date: 2011-02-08T00:00:00
db: BID // id: 46175 // date: 2011-02-07T00:00:00

SOURCES RELEASE DATE

db: IVD // id: 94f56f40-1fa0-11e6-abef-000c29c66e3d // date: 2011-02-08T00:00:00
db: IVD // id: 7d7a45c0-463f-11e9-a941-000c29342cb1 // date: 2011-02-08T00:00:00
db: CNVD // id: CNVD-2011-0472 // date: 2011-02-08T00:00:00
db: BID // id: 46175 // date: 2011-02-07T00:00:00
db: PACKETSTORM // id: 98202 // date: 2011-02-07T04:43:30