Details of VAR-201302-0471

ID

VAR-201302-0471

TITLE

Multiple Hitachi Product Cross-Site Scripting and Cross-Site Request Forgery Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-201302-502

DESCRIPTION

Multiple Hitachi products are prone to a cross-site scripting vulnerability and a cross-site request-forgery vulnerability because it fails to sanitize user-supplied input. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, disclose or modify sensitive information, or perform unauthorized actions. Other attacks are also possible. The following Hitachi products are vulnerable: Hitachi Tuning Manager Software Hitachi JP1/Performance Management - Web Console Hitachi JP1/Performance Management - Manager Web Option

Trust: 0.3

sources: BID: 58009

AFFECTED PRODUCTS

vendor:	hitachi	model:	jp1/performance management web console	scope:	eq	version:	-10-00-03	Trust: 1.5
vendor:	hitachi	model:	jp1/performance management web console	scope:	eq	version:	-10-00-00	Trust: 1.5
vendor:	hitachi	model:	jp1/performance management web console	scope:	eq	version:	-09-50-03	Trust: 1.5
vendor:	hitachi	model:	jp1/performance management web console	scope:	eq	version:	-09-50-00	Trust: 1.5
vendor:	hitachi	model:	jp1/performance management web console	scope:	eq	version:	-09-10-10	Trust: 1.5
vendor:	hitachi	model:	jp1/performance management web console	scope:	eq	version:	-09-10-00	Trust: 1.5
vendor:	hitachi	model:	jp1/performance management web console	scope:	eq	version:	-09-00-12	Trust: 1.5
vendor:	hitachi	model:	jp1/performance management web console	scope:	eq	version:	-09-00-00	Trust: 1.5
vendor:	hitachi	model:	jp1/performance management web console	scope:	eq	version:	-08-50-13	Trust: 1.5
vendor:	hitachi	model:	jp1/performance management web console	scope:	eq	version:	-08-50-00	Trust: 1.5
vendor:	hitachi	model:	tuning manager software	scope:	eq	version:	7.4.0-02	Trust: 0.6
vendor:	hitachi	model:	tuning manager software	scope:	eq	version:	7.4.0-01	Trust: 0.6
vendor:	hitachi	model:	tuning manager software	scope:	eq	version:	3.5.0	Trust: 0.6
vendor:	hitachi	model:	jp1/performance management web console	scope:	eq	version:	-08-11-08	Trust: 0.6
vendor:	hitachi	model:	jp1/performance management web console	scope:	eq	version:	-08-11-00	Trust: 0.6
vendor:	hitachi	model:	jp1/performance management web console	scope:	eq	version:	-08-10-08	Trust: 0.6
vendor:	hitachi	model:	jp1/performance management web console	scope:	eq	version:	-08-10-00	Trust: 0.6
vendor:	hitachi	model:	jp1/performance management web console	scope:	eq	version:	-08-00-12	Trust: 0.6
vendor:	hitachi	model:	jp1/performance management web console	scope:	eq	version:	-08-00-00	Trust: 0.6
vendor:	hitachi	model:	jp1/performance management manager web option	scope:	eq	version:	-07-54	Trust: 0.6
vendor:	hitachi	model:	jp1/performance management manager web option	scope:	eq	version:	-07-00	Trust: 0.6
vendor:	hitachi	model:	tuning manager software	scope:	eq	version:	7.001	Trust: 0.3
vendor:	hitachi	model:	tuning manager software )	scope:	eq	version:	7.001	Trust: 0.3
vendor:	hitachi	model:	tuning manager software	scope:	eq	version:	7.0	Trust: 0.3
vendor:	hitachi	model:	tuning manager software )	scope:	eq	version:	7.0	Trust: 0.3
vendor:	hitachi	model:	tuning manager software	scope:	eq	version:	6.402	Trust: 0.3
vendor:	hitachi	model:	tuning manager software )	scope:	eq	version:	6.402	Trust: 0.3
vendor:	hitachi	model:	tuning manager software	scope:	eq	version:	6.401	Trust: 0.3
vendor:	hitachi	model:	tuning manager software )	scope:	eq	version:	6.401	Trust: 0.3
vendor:	hitachi	model:	tuning manager software	scope:	eq	version:	6.2-01	Trust: 0.3
vendor:	hitachi	model:	tuning manager software )	scope:	eq	version:	6.2-01	Trust: 0.3
vendor:	hitachi	model:	tuning manager software	scope:	eq	version:	6.2-00	Trust: 0.3
vendor:	hitachi	model:	tuning manager software )	scope:	eq	version:	6.2-00	Trust: 0.3
vendor:	hitachi	model:	tuning manager software	scope:	eq	version:	6.1-00	Trust: 0.3
vendor:	hitachi	model:	tuning manager software )	scope:	eq	version:	6.1-00	Trust: 0.3
vendor:	hitachi	model:	tuning manager software	scope:	eq	version:	6.0	Trust: 0.3
vendor:	hitachi	model:	tuning manager software )	scope:	eq	version:	6.0	Trust: 0.3
vendor:	hitachi	model:	tuning manager software (solaris(sp	scope:	eq	version:	7.4.0-02	Trust: 0.3
vendor:	hitachi	model:	tuning manager software (solaris(sp	scope:	eq	version:	7.4.0-01	Trust: 0.3
vendor:	hitachi	model:	tuning manager software	scope:	eq	version:	7.1.0-00	Trust: 0.3
vendor:	hitachi	model:	tuning manager software	scope:	eq	version:	7.1.0	Trust: 0.3
vendor:	hitachi	model:	tuning manager software	scope:	eq	version:	6.4.0-03	Trust: 0.3

sources: BID: 58009

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201302-502

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201302-502

EXTERNAL IDS

db:	BID	id:	58009	Trust: 0.9
db:	CNNVD	id:	CNNVD-201302-502	Trust: 0.6
db:	HITACHI	id:	HS13-003	Trust: 0.3

sources: BID: 58009 // CNNVD: CNNVD-201302-502

REFERENCES

url:	http://www.securityfocus.com/bid/58009	Trust: 0.6
url:	http://www.hds.com/products/storage-software/hitachi-tuning-manager.html	Trust: 0.3
url:	http://www.hitachi.com/products/it/software/prod/jp1/popup/pfm.html	Trust: 0.3
url:	http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs13-003/index.html	Trust: 0.3

sources: BID: 58009 // CNNVD: CNNVD-201302-502

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 58009

SOURCES

db:	BID	id:	58009
db:	CNNVD	id:	CNNVD-201302-502

LAST UPDATE DATE

2022-05-17T02:03:24.128000+00:00

SOURCES UPDATE DATE

db:	BID	id:	58009	date:	2013-02-18T00:00:00
db:	CNNVD	id:	CNNVD-201302-502	date:	2013-02-26T00:00:00

SOURCES RELEASE DATE

db:	BID	id:	58009	date:	2013-02-18T00:00:00
db:	CNNVD	id:	CNNVD-201302-502	date:	2013-02-26T00:00:00