Details of VAR-201302-0588

ID

VAR-201302-0588

TITLE

Multiple vulnerabilities in Hitachi Tuning Manager and JP1/Performance Management

Trust: 0.8

sources: JVNDB: JVNDB-2013-001605

DESCRIPTION

Hitachi Tuning Manager, JP1/Performance Management - Web Console, and JP1/Performance Management - Manager Web Option contain Cross-site scripting and cross-site request forgery (CSRF) vulnerabilities. These vulnerabilities can not be exploited, unless logging in these products.A remote attacker can insert to malicious scripts during display of the web page by logging in as a user of that products.

Trust: 0.8

sources: JVNDB: JVNDB-2013-001605

AFFECTED PRODUCTS

vendor:	hitachi	model:	tuning manager	scope:	eq	version:	(english version)	Trust: 0.8
vendor:	hitachi	model:	tuning manager	scope:	eq	version:	(japanese version)	Trust: 0.8
vendor:	hitachi	model:	job management partner 1/performance management - web console	scope:	eq	version:	(english version)	Trust: 0.8
vendor:	hitachi	model:	jp1/performance management	scope:	eq	version:	- manager web option (japanese version)	Trust: 0.8
vendor:	hitachi	model:	jp1/performance management	scope:	eq	version:	- web console (japanese version)	Trust: 0.8

sources: JVNDB: JVNDB-2013-001605

CVSS

SEVERITY

CVSSV2

CVSSV3

IPA:	JVNDB-2013-001605
value:	HIGH
Trust: 0.8

IPA:	JVNDB-2013-001605
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

sources: JVNDB: JVNDB-2013-001605

PROBLEMTYPE DATA

problemtype:	CWE-79	Trust: 0.8
problemtype:	CWE-352	Trust: 0.8

JVNDB-2013-001605

date:

2013-02-22T00:00:00