Details of VAR-201306-0417

ID

VAR-201306-0417

TITLE

Unknown script injection vulnerability in Hitachi multiple products

Trust: 0.6

sources: CNVD: CNVD-2013-07954

DESCRIPTION

When malicious data is viewed, it can obtain sensitive information of the target user or hijack user sessions. Hitachi Device Manager Software, Hitachi Tiered Storage Manager Software, Hitachi Tuning Manager Software, and Hitachi Compute Systems Manager Software are all integrated software products of Hitachi Command Suite. Hitachi Command Suite is a unified management storage system of Hitachi (HITACHI), which provides storage management functions such as storage resource management, tiered storage management, performance and service level management. An HTML injection vulnerability exists in several Hitachi Command Suite products. The vulnerability stems from the program's failure to validate user-submitted input. An attacker can use this vulnerability to run HTML or JavaScript code provided by the attacker in the context of the affected site. It can steal cookie-based authentication and control how the site is presented to the user. There may also be other forms of attacks. Vulnerabilities exist in the following products: Hitachi Device Manager Software versions prior to 7.5.0-02, Hitachi Tiered Storage Manager Software versions prior to 7.5.0-02, Hitachi Tuning Manager Software versions prior to 7.5.0-02, Hitachi Compute Systems Manager Software versions prior to 7.5.0-00

Trust: 1.35

sources: CNVD: CNVD-2013-07954 // CNNVD: CNNVD-201306-441 // BID: 60667

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-07954

AFFECTED PRODUCTS

vendor:	hitachi	model:	device manager software	scope:	eq	version:	7.x	Trust: 0.6
vendor:	hitachi	model:	tiered storage manager	scope:	eq	version:	7.x	Trust: 0.6
vendor:	hitachi	model:	tuning manager	scope:	eq	version:	7.x	Trust: 0.6
vendor:	hitachi	model:	compute systems manager software	scope:	eq	version:	7.x	Trust: 0.6
vendor:	hitachi	model:	tuning manager software	scope:	eq	version:	7.0.0-00	Trust: 0.3
vendor:	hitachi	model:	tiered storage manager software	scope:	eq	version:	7.1.1-00	Trust: 0.3
vendor:	hitachi	model:	device manager software	scope:	eq	version:	7.0.0-00	Trust: 0.3
vendor:	hitachi	model:	compute systems manager software	scope:	eq	version:	7.4.1-00	Trust: 0.3
vendor:	hitachi	model:	tuning manager software	scope:	ne	version:	7.5.0-02	Trust: 0.3
vendor:	hitachi	model:	tiered storage manager software	scope:	ne	version:	7.5.0-02	Trust: 0.3
vendor:	hitachi	model:	device manager software	scope:	ne	version:	7.5.0-02	Trust: 0.3
vendor:	hitachi	model:	compute systems manager software	scope:	ne	version:	7.5.0-00	Trust: 0.3

sources: CNVD: CNVD-2013-07954 // BID: 60667

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2013-07954
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2013-07954
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2013-07954

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201306-441

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201306-441

PATCH

title:

Patch for Unknown script injection vulnerability in Hitachi multiple products

url:

https://www.cnvd.org.cn/patchinfo/show/34784

Trust: 0.6

sources: CNVD: CNVD-2013-07954

EXTERNAL IDS

db:	BID	id:	60667	Trust: 1.5
db:	HITACHI	id:	HS13-014	Trust: 0.9
db:	SECUNIA	id:	53860	Trust: 0.6
db:	CNVD	id:	CNVD-2013-07954	Trust: 0.6
db:	CNNVD	id:	CNNVD-201306-441	Trust: 0.6

sources: CNVD: CNVD-2013-07954 // BID: 60667 // CNNVD: CNNVD-201306-441

REFERENCES

url:	http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs13-014/index.html	Trust: 0.9
url:	http://www.secunia.com/advisories/53860/	Trust: 0.6
url:	http://www.securityfocus.com/bid/60667	Trust: 0.6
url:	http://www.hds.com/products/storage-software/hitachi-device-manager.html	Trust: 0.3

sources: CNVD: CNVD-2013-07954 // BID: 60667 // CNNVD: CNNVD-201306-441

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 60667

SOURCES

db:	CNVD	id:	CNVD-2013-07954
db:	BID	id:	60667
db:	CNNVD	id:	CNNVD-201306-441

LAST UPDATE DATE

2022-05-17T01:46:36.085000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-07954	date:	2013-06-24T00:00:00
db:	BID	id:	60667	date:	2013-06-17T00:00:00
db:	CNNVD	id:	CNNVD-201306-441	date:	2013-07-01T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-07954	date:	2013-06-24T00:00:00
db:	BID	id:	60667	date:	2013-06-17T00:00:00
db:	CNNVD	id:	CNNVD-201306-441	date:	2013-06-26T00:00:00