ID

VAR-201403-0707


TITLE

Unknown Cross-Site Scripting Vulnerability in Hitachi JP1/Integrated Management - Service Support

Trust: 0.6

sources: CNVD: CNVD-2014-01600

DESCRIPTION

Hitachi JP1/Integrated Management is a solution that monitors business execution and centrally manages system content such as the OS and applications. An unspecified input to the related view is not sufficiently filtered before it is returned to users of Service Support. A remote attacker can exploit the vulnerability by constructing a malicious URI and inducing a user to open it, in order to obtain sensitive cookies, hijack sessions, or perform malicious operations on the client.

Hitachi JP1/Integrated Management - Service Support is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

The following versions are vulnerable:

Hitachi JP1/Integrated Management - Service Support versions 09-50 through 09-50-06
Hitachi JP1/Integrated Management - Service Support versions 10-00 through 10-00-03
Hitachi JP1/Integrated Management - Service Support version 10-10

Note: This issue affects Hitachi JP1/Integrated Management - Service Support for Windows platforms.

Trust: 0.81

sources: CNVD: CNVD-2014-01600 // BID: 66047

IOT TAXONOMY

category: ['ICS']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-01600

AFFECTED PRODUCTS

vendor: hitachi
model: jp1/integrated management
scope: -
version: -

Trust: 0.6

vendor: hitachi
model: jp1/integrated management service support
scope: eq
version: -09-50-01

Trust: 0.3

sources: CNVD: CNVD-2014-01600 // BID: 66047

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2014-01600
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2014-01600
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2014-01600

THREAT TYPE

network

Trust: 0.3

sources: BID: 66047

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 66047

PATCH

title: Patch for Unknown Cross-Site Scripting Vulnerability in Hitachi JP1/Integrated Management - Service Support
url: https://www.cnvd.org.cn/patchinfo/show/44178

Trust: 0.6

sources: CNVD: CNVD-2014-01600

EXTERNAL IDS

db: BID, id: 66047

Trust: 0.9

db: HITACHI, id: HS14-006

Trust: 0.6

db: SECUNIA, id: 57257

Trust: 0.6

db: CNVD, id: CNVD-2014-01600

Trust: 0.6

sources: CNVD: CNVD-2014-01600 // BID: 66047

REFERENCES

url: http://secunia.com/advisories/57257/

Trust: 0.6

url: http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-006/index.html

Trust: 0.6

url: http://www.hitachi.com

Trust: 0.3

sources: CNVD: CNVD-2014-01600 // BID: 66047

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 66047

SOURCES

db: CNVD, id: CNVD-2014-01600
db: BID, id: 66047

LAST UPDATE DATE

2022-05-17T02:09:49.968000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2014-01600, date: 2014-03-12T00:00:00
db: BID, id: 66047, date: 2014-03-07T00:00:00

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2014-01600, date: 2014-03-12T00:00:00
db: BID, id: 66047, date: 2014-03-07T00:00:00