ID

VAR-201406-0501


TITLE

Hitachi COBOL2002 Product XML External Entity Processing Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2014-03738

DESCRIPTION

Hitachi COBOL2002 is a COBOL running on Japanese XP. Hitachi COBOL2002 products contain an error in the parsing of XML entities. An attacker can exploit it with a specially crafted XML document containing references to external entities, to obtain local resources or to consume large amounts of server resources. Multiple Hitachi COBOL2002 products are prone to an XML External Entity injection vulnerability. Attackers can exploit this issue to obtain potentially sensitive information or cause denial-of-service conditions. This may lead to further attacks. The following are vulnerable: COBOL2002 Net Developer, COBOL2002 Net Client Suite, COBOL2002 Net Client Runtime, COBOL2002 Net Server Suite, COBOL2002 Net Server Runtime, COBOL2002 Net Developer(64), COBOL2002 Net Server Suite(64), COBOL2002 Net Server Runtime(64), COBOL2002 Developer Professional.

Trust: 0.81

sources: CNVD: CNVD-2014-03738 // BID: 68016

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-03738

AFFECTED PRODUCTS

vendor: hitachi, model: cobol2002 net client suite, scope: eq, version: 3.x

Trust: 0.6

vendor: hitachi, model: cobol2002 net server suite 03-01-/a, scope: -, version: -

Trust: 0.6

vendor: hitachi, model: cobol2002 net server suite, scope: eq, version: 03-01

Trust: 0.6

vendor: hitachi, model: cobol2002 net server suite 03-00-/a, scope: -, version: -

Trust: 0.6

vendor: hitachi, model: cobol2002 net server suite, scope: eq, version: 03-00

Trust: 0.6

vendor: hitachi, model: cobol2002 net server suite 01-03-/f, scope: -, version: -

Trust: 0.6

vendor: hitachi, model: cobol2002 net developer 03-01-/a, scope: -, version: -

Trust: 0.6

vendor: hitachi, model: cobol2002 net developer, scope: eq, version: 03-01

Trust: 0.6

vendor: hitachi, model: cobol2002 net developer 03-00-/a, scope: -, version: -

Trust: 0.6

vendor: hitachi, model: cobol2002 net developer, scope: eq, version: 03-00

Trust: 0.6

vendor: hitachi, model: cobol2002 net developer 01-03-/f, scope: -, version: -

Trust: 0.6

vendor: hitachi, model: cobol2002 net client suite 01-03-/f, scope: -, version: -

Trust: 0.6

vendor: hitachi, model: cobol2002 net server suite, scope: eq, version: 02-01(*1)

Trust: 0.3

vendor: hitachi, model: cobol2002 net server suite 02-01-/g, scope: -, version: -

Trust: 0.3

vendor: hitachi, model: cobol2002 net server suite, scope: eq, version: 02-01

Trust: 0.3

vendor: hitachi, model: cobol2002 net server suite 02-00-/d, scope: -, version: -

Trust: 0.3

vendor: hitachi, model: cobol2002 net server suite, scope: eq, version: 02-00

Trust: 0.3

vendor: hitachi, model: cobol2002 net server suite, scope: eq, version: 01-03

Trust: 0.3

vendor: hitachi, model: cobol2002 net server suite 01-02-/f, scope: -, version: -

Trust: 0.3

vendor: hitachi, model: cobol2002 net server suite, scope: eq, version: 01-02

Trust: 0.3

vendor: hitachi, model: cobol2002 net server suite 01-01-/d, scope: -, version: -

Trust: 0.3

vendor: hitachi, model: cobol2002 net server suite, scope: eq, version: 01-01

Trust: 0.3

vendor: hitachi, model: cobol2002 net server suite, scope: eq, version: 01-00

Trust: 0.3

vendor: hitachi, model: cobol2002 net server runtime 03-01-/a, scope: -, version: -

Trust: 0.3

vendor: hitachi, model: cobol2002 net server runtime, scope: eq, version: 03-01

Trust: 0.3

vendor: hitachi, model: cobol2002 net server runtime 03-00-/a, scope: -, version: -

Trust: 0.3

vendor: hitachi, model: cobol2002 net server runtime, scope: eq, version: 03-00

Trust: 0.3

vendor: hitachi, model: cobol2002 net server runtime, scope: eq, version: 02-01(*1)

Trust: 0.3

vendor: hitachi, model: cobol2002 net developer, scope: eq, version: 02-01(*1)

Trust: 0.3

vendor: hitachi, model: cobol2002 net developer 02-01-/g, scope: -, version: -

Trust: 0.3

vendor: hitachi, model: cobol2002 net developer 02-01-/c, scope: -, version: -

Trust: 0.3

vendor: hitachi, model: cobol2002 net developer, scope: eq, version: 02-01

Trust: 0.3

vendor: hitachi, model: cobol2002 net developer 02-00-/d, scope: -, version: -

Trust: 0.3

vendor: hitachi, model: cobol2002 net developer, scope: eq, version: 02-00

Trust: 0.3

vendor: hitachi, model: cobol2002 net developer, scope: eq, version: 01-03

Trust: 0.3

vendor: hitachi, model: cobol2002 net developer 01-02-/f, scope: -, version: -

Trust: 0.3

vendor: hitachi, model: cobol2002 net developer, scope: eq, version: 01-02

Trust: 0.3

vendor: hitachi, model: cobol2002 net developer 01-01-/d, scope: -, version: -

Trust: 0.3

vendor: hitachi, model: cobol2002 net developer, scope: eq, version: 01-01

Trust: 0.3

vendor: hitachi, model: cobol2002 net developer, scope: eq, version: 01-00

Trust: 0.3

vendor: hitachi, model: cobol2002 net client suite 03-01-/a, scope: -, version: -

Trust: 0.3

vendor: hitachi, model: cobol2002 net client suite, scope: eq, version: 03-01

Trust: 0.3

vendor: hitachi, model: cobol2002 net client suite 03-00-/a, scope: -, version: -

Trust: 0.3

vendor: hitachi, model: cobol2002 net client suite, scope: eq, version: 03-00

Trust: 0.3

vendor: hitachi, model: cobol2002 net client suite 02-01-/g, scope: -, version: -

Trust: 0.3

vendor: hitachi, model: cobol2002 net client suite, scope: eq, version: 02-01

Trust: 0.3

vendor: hitachi, model: cobol2002 net client suite 02-00-/d, scope: -, version: -

Trust: 0.3

vendor: hitachi, model: cobol2002 net client suite, scope: eq, version: 02-00

Trust: 0.3

vendor: hitachi, model: cobol2002 net client suite, scope: eq, version: 01-03

Trust: 0.3

vendor: hitachi, model: cobol2002 net client suite 01-02-/f, scope: -, version: -

Trust: 0.3

vendor: hitachi, model: cobol2002 net client suite, scope: eq, version: 01-02

Trust: 0.3

vendor: hitachi, model: cobol2002 net client suite 01-01-/d, scope: -, version: -

Trust: 0.3

vendor: hitachi, model: cobol2002 net client suite, scope: eq, version: 01-01

Trust: 0.3

vendor: hitachi, model: cobol2002 net client suite, scope: eq, version: 01-00

Trust: 0.3

vendor: hitachi, model: cobol2002 net client runtime 03-01-/a, scope: -, version: -

Trust: 0.3

vendor: hitachi, model: cobol2002 net client runtime, scope: eq, version: 03-01

Trust: 0.3

vendor: hitachi, model: cobol2002 net client runtime 03-00-/a, scope: -, version: -

Trust: 0.3

vendor: hitachi, model: cobol2002 net client runtime, scope: eq, version: 03-00

Trust: 0.3

vendor: hitachi, model: cobol2002 net client runtime 02-01-/g, scope: -, version: -

Trust: 0.3

vendor: hitachi, model: cobol2002 net client runtime 01-03-/e, scope: -, version: -

Trust: 0.3

vendor: hitachi, model: cobol2002 net client runtime 01-02-/f, scope: -, version: -

Trust: 0.3

vendor: hitachi, model: cobol2002 developer professional 03-01-/a, scope: -, version: -

Trust: 0.3

vendor: hitachi, model: cobol2002 developer professional, scope: eq, version: 03-01

Trust: 0.3

sources: CNVD: CNVD-2014-03738 // BID: 68016

CVSS

SEVERITY

CNVD: CNVD-2014-03738
value: MEDIUM

Trust: 0.6

CVSSV2

CNVD: CNVD-2014-03738
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

(none listed)

sources: CNVD: CNVD-2014-03738

THREAT TYPE

network

Trust: 0.3

sources: BID: 68016

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 68016

PATCH

title: Patch for Hitachi COBOL2002 Product XML External Entity Processing Vulnerability
url: https://www.cnvd.org.cn/patchinfo/show/46504

Trust: 0.6

sources: CNVD: CNVD-2014-03738

EXTERNAL IDS

db: HITACHI, id: HS14-014

Trust: 0.9

db: CNVD, id: CNVD-2014-03738

Trust: 0.6

db: BID, id: 68016

Trust: 0.3

sources: CNVD: CNVD-2014-03738 // BID: 68016

REFERENCES

url:http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-014/index.html

Trust: 0.9

url:http://www.hitachi.com/

Trust: 0.3

sources: CNVD: CNVD-2014-03738 // BID: 68016

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 68016

SOURCES

db: CNVD, id: CNVD-2014-03738
db: BID, id: 68016

LAST UPDATE DATE

2022-05-17T02:07:12.887000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2014-03738, date: 2014-06-19T00:00:00
db: BID, id: 68016, date: 2014-06-10T00:00:00

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2014-03738, date: 2014-06-19T00:00:00
db: BID, id: 68016, date: 2014-06-10T00:00:00