Details of VAR-201706-1151

ID

VAR-201706-1151

TITLE

Multiple Vulnerabilities in Hitachi IT Operations Director and JP1/IT Desktop Management

Trust: 0.8

sources: JVNDB: JVNDB-2017-003108

DESCRIPTION

A cross-site scripting and an XML external entity (XXE) vulnerability have been found in Hitachi IT Operations Director, JP1/IT Desktop Management - Manager and JP1/IT Desktop Management 2 - Manager.An attacker may conduct a cross-site scripting attack and a XML external entity (XXE) attack.

Trust: 0.8

sources: JVNDB: JVNDB-2017-003108

AFFECTED PRODUCTS

vendor:	hitachi	model:	it operations director	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	job management partner 1/it desktop management	scope:	eq	version:	2 - manager	Trust: 0.8
vendor:	hitachi	model:	job management partner 1/it desktop management - manager	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	jp1/it desktop management	scope:	eq	version:	2 - manager	Trust: 0.8
vendor:	hitachi	model:	jp1/it desktop management	scope:	eq	version:	2 - operations director	Trust: 0.8
vendor:	hitachi	model:	jp1/it desktop management - manager	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2017-003108

CVSS

SEVERITY

CVSSV2

CVSSV3

VENDOR:	JVNDB-2017-003108
value:	HIGH
Trust: 0.8

VENDOR:	JVNDB-2017-003108
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

VENDOR:	JVNDB-2017-003108
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2017-003108

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-003108

PATCH

title:

hitachi-sec-2017-112

url:

http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-112/index.html

Trust: 0.8

sources: JVNDB: JVNDB-2017-003108

EXTERNAL IDS

db:

JVNDB

id:

JVNDB-2017-003108

Trust: 0.8

sources: JVNDB: JVNDB-2017-003108

SOURCES

db:

JVNDB

id:

JVNDB-2017-003108

LAST UPDATE DATE

2022-05-04T10:12:08.552000+00:00

SOURCES UPDATE DATE

db:

JVNDB

id:

JVNDB-2017-003108

date:

2017-06-30T00:00:00

SOURCES RELEASE DATE

db:

JVNDB

id:

JVNDB-2017-003108

date:

2017-06-30T00:00:00