cvelistv5 - cve-2014-4188

cve-2014-4188

Vulnerability from cvelistv5

Published

2014-06-17 14:00

Modified

2024-08-06 11:04

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/58528
cve@mitre.org	http://secunia.com/advisories/58899
cve@mitre.org	http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-013/index.html	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/68015
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/58528
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/58899
af854a3a-2127-422b-91ae-364da2661108	http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-013/index.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/68015

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:04:28.896Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-013/index.html"
          },
          {
            "name": "58899",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58899"
          },
          {
            "name": "58528",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58528"
          },
          {
            "name": "68015",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/68015"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-06-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-05-01T14:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-013/index.html"
        },
        {
          "name": "58899",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58899"
        },
        {
          "name": "58528",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58528"
        },
        {
          "name": "68015",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/68015"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-4188",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-013/index.html",
              "refsource": "CONFIRM",
              "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-013/index.html"
            },
            {
              "name": "58899",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58899"
            },
            {
              "name": "58528",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58528"
            },
            {
              "name": "68015",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/68015"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-4188",
    "datePublished": "2014-06-17T14:00:00",
    "dateReserved": "2014-06-17T00:00:00",
    "dateUpdated": "2024-08-06T11:04:28.896Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hitachi:jp1\\\\/performance_management-manager_web_option:07-00:*:*:*:*:solaris:*:*\", \"matchCriteriaId\": \"C2D6F82F-D36F-45EB-83CA-350C32B2F913\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hitachi:jp1\\\\/performance_management-manager_web_option:07-00:*:*:*:*:windows:*:*\", \"matchCriteriaId\": \"124F0CA3-2B4F-43BF-B436-CFCE814ED20F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hitachi:jp1\\\\/performance_management-manager_web_option:07-54:*:*:*:*:solaris:*:*\", \"matchCriteriaId\": \"80CD2867-EFB2-4AA8-BB4B-A86F031B32AC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hitachi:jp1\\\\/performance_management-manager_web_option:07-54:*:*:*:*:windows:*:*\", \"matchCriteriaId\": \"36D09E80-3314-441A-B5CB-D07F72DC437F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hitachi:tuning_manager:6.0.0:*:*:*:*:solaris:*:*\", \"matchCriteriaId\": \"8DE9C139-F3DF-4B2C-BC5A-42218A748F0C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hitachi:tuning_manager:6.0.0:*:*:*:*:windows:*:*\", \"matchCriteriaId\": \"1CC03C39-9C47-4517-8A99-6ADDAD4E37F9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hitachi:tuning_manager:7.1.0:*:*:*:*:linux_kernel:*:*\", \"matchCriteriaId\": \"F5DF2298-86DF-424D-AF8B-8EE72B995E1C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hitachi:tuning_manager:7.6.1:*:*:*:*:solaris:*:*\", \"matchCriteriaId\": \"E420F81C-DE06-4F50-BE36-56913E54F265\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hitachi:tuning_manager:7.6.1:05:*:*:*:solaris:*:*\", \"matchCriteriaId\": \"0E99CC94-C6DF-448A-8A80-9136A89172E0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hitachi:tuning_manager:8.0.0:*:*:*:*:linux_kernel:*:*\", \"matchCriteriaId\": \"F41EA3F4-CEBD-4A0B-B2DE-0EACD4C968C6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hitachi:tuning_manager:8.0.0:*:*:*:*:windows:*:*\", \"matchCriteriaId\": \"7224A2E2-4AD0-402C-B436-911A0576F165\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hitachi:tuning_manager:8.0.0:03:*:*:*:linux_kernel:*:*\", \"matchCriteriaId\": \"C00F1AA9-E56B-4964-92EF-6A2358A12628\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hitachi:tuning_manager:8.0.0:03:*:*:*:windows:*:*\", \"matchCriteriaId\": \"087E89B5-288B-4377-83C4-633AC797FAA1\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cross-site request forgery (CSRF) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de CSRF en Hitachi Tuning Manager anterior a 7.6.1-06 y 8.x anterior a 8.0.0-04 y JP1/Performance Management - Manager Web Option 07-00 hasta 07-54 permite a atacantes remotos secuestrar la autenticaci\\u00f3n de victimas no especificadas a trav\\u00e9s de vectores desconocidos.\"}]",
      "id": "CVE-2014-4188",
      "lastModified": "2024-11-21T02:09:38.880",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2014-06-17T14:55:08.517",
      "references": "[{\"url\": \"http://secunia.com/advisories/58528\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/58899\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-013/index.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/68015\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/58528\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/58899\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-013/index.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/68015\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-352\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-4188\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2014-06-17T14:55:08.517\",\"lastModified\":\"2024-11-21T02:09:38.880\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site request forgery (CSRF) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de CSRF en Hitachi Tuning Manager anterior a 7.6.1-06 y 8.x anterior a 8.0.0-04 y JP1/Performance Management - Manager Web Option 07-00 hasta 07-54 permite a atacantes remotos secuestrar la autenticaci\u00f3n de victimas no especificadas a trav\u00e9s de vectores desconocidos.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:jp1\\\\/performance_management-manager_web_option:07-00:*:*:*:*:solaris:*:*\",\"matchCriteriaId\":\"C2D6F82F-D36F-45EB-83CA-350C32B2F913\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:jp1\\\\/performance_management-manager_web_option:07-00:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"124F0CA3-2B4F-43BF-B436-CFCE814ED20F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:jp1\\\\/performance_management-manager_web_option:07-54:*:*:*:*:solaris:*:*\",\"matchCriteriaId\":\"80CD2867-EFB2-4AA8-BB4B-A86F031B32AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:jp1\\\\/performance_management-manager_web_option:07-54:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"36D09E80-3314-441A-B5CB-D07F72DC437F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:tuning_manager:6.0.0:*:*:*:*:solaris:*:*\",\"matchCriteriaId\":\"8DE9C139-F3DF-4B2C-BC5A-42218A748F0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:tuning_manager:6.0.0:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"1CC03C39-9C47-4517-8A99-6ADDAD4E37F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:tuning_manager:7.1.0:*:*:*:*:linux_kernel:*:*\",\"matchCriteriaId\":\"F5DF2298-86DF-424D-AF8B-8EE72B995E1C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:tuning_manager:7.6.1:*:*:*:*:solaris:*:*\",\"matchCriteriaId\":\"E420F81C-DE06-4F50-BE36-56913E54F265\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:tuning_manager:7.6.1:05:*:*:*:solaris:*:*\",\"matchCriteriaId\":\"0E99CC94-C6DF-448A-8A80-9136A89172E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:tuning_manager:8.0.0:*:*:*:*:linux_kernel:*:*\",\"matchCriteriaId\":\"F41EA3F4-CEBD-4A0B-B2DE-0EACD4C968C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:tuning_manager:8.0.0:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"7224A2E2-4AD0-402C-B436-911A0576F165\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:tuning_manager:8.0.0:03:*:*:*:linux_kernel:*:*\",\"matchCriteriaId\":\"C00F1AA9-E56B-4964-92EF-6A2358A12628\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:tuning_manager:8.0.0:03:*:*:*:windows:*:*\",\"matchCriteriaId\":\"087E89B5-288B-4377-83C4-633AC797FAA1\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/58528\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/58899\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-013/index.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/68015\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/58528\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/58899\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-013/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/68015\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

gsd-2014-4188

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2014-4188

Aliases

CVE-2014-4188

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-4188",
    "description": "Cross-site request forgery (CSRF) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.",
    "id": "GSD-2014-4188"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-4188"
      ],
      "details": "Cross-site request forgery (CSRF) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.",
      "id": "GSD-2014-4188",
      "modified": "2023-12-13T01:22:45.108004Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2014-4188",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site request forgery (CSRF) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-013/index.html",
            "refsource": "CONFIRM",
            "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-013/index.html"
          },
          {
            "name": "58899",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/58899"
          },
          {
            "name": "58528",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/58528"
          },
          {
            "name": "68015",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/68015"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:tuning_manager:6.0.0:*:*:*:*:solaris:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:tuning_manager:7.1.0:*:*:*:*:linux_kernel:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:tuning_manager:8.0.0:*:*:*:*:linux_kernel:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:tuning_manager:8.0.0:03:*:*:*:linux_kernel:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1\\/performance_management-manager_web_option:07-00:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:tuning_manager:6.0.0:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:tuning_manager:8.0.0:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:tuning_manager:7.6.1:05:*:*:*:solaris:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1\\/performance_management-manager_web_option:07-54:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1\\/performance_management-manager_web_option:07-54:*:*:*:*:solaris:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:tuning_manager:8.0.0:03:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:tuning_manager:7.6.1:*:*:*:*:solaris:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1\\/performance_management-manager_web_option:07-00:*:*:*:*:solaris:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-4188"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-352"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "58899",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/58899"
            },
            {
              "name": "58528",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/58528"
            },
            {
              "name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-013/index.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-013/index.html"
            },
            {
              "name": "68015",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/68015"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2015-09-02T17:04Z",
      "publishedDate": "2014-06-17T14:55Z"
    }
  }
}

cve-2014-4188

Vulnerability from jvndb

Published

2014-06-12 11:43

Modified

2015-03-03 16:59

Severity ?

() - -

Summary

Multiple Vulnerabilities in Hitachi Tuning Manager and JP1/Performance Management - Manager Web Option

Details

Hitachi Tuning Manager and JP1/Performance Management - Manager Web Option contains cross-site scripting and cross-site request forgery (CSRF) vulnerabilities. These vulnerabilities can not be exploited, unless logging in these products.

References

▼	Type	URL
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4188
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4189
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4188
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4189
	Cross-Site Request Forgery(CWE-352)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	Hitachi, Ltd	JP1/Performance Management
	Hitachi, Ltd	Hitachi Tuning Manager

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-002800.html",
  "dc:date": "2015-03-03T16:59+09:00",
  "dcterms:issued": "2014-06-12T11:43+09:00",
  "dcterms:modified": "2015-03-03T16:59+09:00",
  "description": "Hitachi Tuning Manager and JP1/Performance Management - Manager Web Option contains cross-site scripting and cross-site request forgery (CSRF) vulnerabilities.\r\n\r\nThese vulnerabilities can not be exploited, unless logging in these products.",
  "link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-002800.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:hitachi:jp1%2fperformance_management",
      "@product": "JP1/Performance Management",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:tuning_manager",
      "@product": "Hitachi Tuning Manager",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "3.5",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2014-002800",
  "sec:references": [
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4188",
      "@id": "CVE-2014-4188",
      "@source": "CVE"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4189",
      "@id": "CVE-2014-4189",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4188",
      "@id": "CVE-2014-4188",
      "@source": "NVD"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4189",
      "@id": "CVE-2014-4189",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-352",
      "@title": "Cross-Site Request Forgery(CWE-352)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Multiple Vulnerabilities in Hitachi Tuning Manager and JP1/Performance Management - Manager Web Option"
}

ghsa-g7px-gfpq-5hgf

Vulnerability from github

Published

2022-05-17 04:08

Modified

2022-05-17 04:08

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-4188"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-352"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-06-17T14:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site request forgery (CSRF) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.",
  "id": "GHSA-g7px-gfpq-5hgf",
  "modified": "2022-05-17T04:08:35Z",
  "published": "2022-05-17T04:08:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4188"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/58528"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/58899"
    },
    {
      "type": "WEB",
      "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-013/index.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/68015"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

var-201406-0164

Vulnerability from variot

Cross-site request forgery (CSRF) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. These vulnerabilities can not be exploited, unless logging in these products.A remote attackers could insert to malicious scripts during display of the web page. Hitachi Tuning Manager (HTnM) software is a storage performance management application that maps, monitors, and analyzes storage network resources from applications to storage devices. A remote attacker can use the vulnerability to construct a malicious URI, induce users to parse, obtain sensitive cookies, hijack sessions or perform malicious operations on the client.

Allow remote attackers to construct malicious URIs to induce users to parse and perform malicious operations on the target user context. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, disclose or modify sensitive information, or perform unauthorized actions. Other attacks are also possible

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201406-0164",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "tuning manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "hitachi",
        "version": "6.0.0"
      },
      {
        "model": "jp1\\/performance management-manager web option",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "hitachi",
        "version": "07-54"
      },
      {
        "model": "tuning manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "hitachi",
        "version": "7.1.0"
      },
      {
        "model": "tuning manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "hitachi",
        "version": "8.0.0"
      },
      {
        "model": "tuning manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "hitachi",
        "version": "7.6.1"
      },
      {
        "model": "jp1\\/performance management-manager web option",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "07-00"
      },
      {
        "model": "tuning manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "jp1/performance management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- manager web option"
      },
      {
        "model": "jp1/performance management",
        "scope": null,
        "trust": 0.6,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "tuning manager software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "7.001"
      },
      {
        "model": "tuning manager software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "7.0"
      },
      {
        "model": "tuning manager software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "6.402"
      },
      {
        "model": "tuning manager software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "6.401"
      },
      {
        "model": "tuning manager software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "6.2-01"
      },
      {
        "model": "tuning manager software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "6.2-00"
      },
      {
        "model": "tuning manager software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "6.1-00"
      },
      {
        "model": "tuning manager software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "6.0"
      },
      {
        "model": "tuning manager software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "7.1.0-00"
      },
      {
        "model": "tuning manager software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "6.4.0-03"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-03739"
      },
      {
        "db": "BID",
        "id": "68015"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002800"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-4188"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-354"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:tuning_manager:6.0.0:*:*:*:*:solaris:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:tuning_manager:7.1.0:*:*:*:*:linux_kernel:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:tuning_manager:8.0.0:*:*:*:*:linux_kernel:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:tuning_manager:8.0.0:03:*:*:*:linux_kernel:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1\\/performance_management-manager_web_option:07-00:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:tuning_manager:6.0.0:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:tuning_manager:8.0.0:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:tuning_manager:7.6.1:05:*:*:*:solaris:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1\\/performance_management-manager_web_option:07-54:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1\\/performance_management-manager_web_option:07-54:*:*:*:*:solaris:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:tuning_manager:8.0.0:03:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:tuning_manager:7.6.1:*:*:*:*:solaris:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:jp1\\/performance_management-manager_web_option:07-00:*:*:*:*:solaris:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-4188"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "68015"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-4188",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "VENDOR",
            "availabilityImpact": "None",
            "baseScore": 3.5,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2014-002800",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2014-03739",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-4188",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "VENDOR",
            "id": "JVNDB-2014-002800",
            "trust": 0.8,
            "value": "Low"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2014-03739",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201406-354",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-03739"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002800"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-4188"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-354"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site request forgery (CSRF) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. These vulnerabilities can not be exploited, unless logging in these products.A remote attackers could insert to malicious scripts during display of the web page. Hitachi Tuning Manager (HTnM) software is a storage performance management application that maps, monitors, and analyzes storage network resources from applications to storage devices. A remote attacker can use the vulnerability to construct a malicious URI, induce users to parse, obtain sensitive cookies, hijack sessions or perform malicious operations on the client. \n\n2. Allow remote attackers to construct malicious URIs to induce users to parse and perform malicious operations on the target user context. \nAn attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, disclose or modify sensitive information, or perform unauthorized actions. Other attacks are also possible",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-4188"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002800"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-03739"
      },
      {
        "db": "BID",
        "id": "68015"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-4188",
        "trust": 3.3
      },
      {
        "db": "HITACHI",
        "id": "HS14-013",
        "trust": 2.2
      },
      {
        "db": "BID",
        "id": "68015",
        "trust": 1.9
      },
      {
        "db": "SECUNIA",
        "id": "58899",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58528",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002800",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-03739",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-354",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-03739"
      },
      {
        "db": "BID",
        "id": "68015"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002800"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-4188"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-354"
      }
    ]
  },
  "id": "VAR-201406-0164",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-03739"
      }
    ],
    "trust": 0.96678842
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-03739"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:57:57.453000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HS14-013",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-013/index.html"
      },
      {
        "title": "Patch for Hitachi Tuning Manager / JP1 / Performance Management Multiple Vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/46503"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-03739"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002800"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-352",
        "trust": 1.8
      },
      {
        "problemtype": "CWE-79",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002800"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-4188"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-013/index.html"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58528"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58899"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/68015"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4188"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4189"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4188"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4189"
      },
      {
        "trust": 0.3,
        "url": "http://www.hds.com/products/storage-software/hitachi-tuning-manager.html"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-03739"
      },
      {
        "db": "BID",
        "id": "68015"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002800"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-4188"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-354"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-03739"
      },
      {
        "db": "BID",
        "id": "68015"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002800"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-4188"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-354"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-06-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-03739"
      },
      {
        "date": "2014-06-10T00:00:00",
        "db": "BID",
        "id": "68015"
      },
      {
        "date": "2014-06-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-002800"
      },
      {
        "date": "2014-06-17T14:55:08.517000",
        "db": "NVD",
        "id": "CVE-2014-4188"
      },
      {
        "date": "2014-06-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201406-354"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-06-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-03739"
      },
      {
        "date": "2014-08-06T00:31:00",
        "db": "BID",
        "id": "68015"
      },
      {
        "date": "2015-03-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-002800"
      },
      {
        "date": "2015-09-02T17:04:20.887000",
        "db": "NVD",
        "id": "CVE-2014-4188"
      },
      {
        "date": "2014-06-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201406-354"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-354"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple Vulnerabilities in Hitachi Tuning Manager and JP1/Performance Management - Manager Web Option",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002800"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "cross-site request forgery",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-354"
      }
    ],
    "trust": 0.6
  }
}

cve-2014-4188

Vulnerability from fkie_nvd

Published

2014-06-17 14:55

Modified

2024-11-21 02:09

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/58528
cve@mitre.org	http://secunia.com/advisories/58899
cve@mitre.org	http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-013/index.html	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/68015
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/58528
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/58899
af854a3a-2127-422b-91ae-364da2661108	http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-013/index.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/68015

Impacted products

Vendor	Product	Version
hitachi	jp1\/performance_management-manager_web_option	07-00
hitachi	jp1\/performance_management-manager_web_option	07-00
hitachi	jp1\/performance_management-manager_web_option	07-54
hitachi	jp1\/performance_management-manager_web_option	07-54
hitachi	tuning_manager	6.0.0
hitachi	tuning_manager	6.0.0
hitachi	tuning_manager	7.1.0
hitachi	tuning_manager	7.6.1
hitachi	tuning_manager	7.6.1
hitachi	tuning_manager	8.0.0
hitachi	tuning_manager	8.0.0
hitachi	tuning_manager	8.0.0
hitachi	tuning_manager	8.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hitachi:jp1\\/performance_management-manager_web_option:07-00:*:*:*:*:solaris:*:*",
              "matchCriteriaId": "C2D6F82F-D36F-45EB-83CA-350C32B2F913",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:jp1\\/performance_management-manager_web_option:07-00:*:*:*:*:windows:*:*",
              "matchCriteriaId": "124F0CA3-2B4F-43BF-B436-CFCE814ED20F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:jp1\\/performance_management-manager_web_option:07-54:*:*:*:*:solaris:*:*",
              "matchCriteriaId": "80CD2867-EFB2-4AA8-BB4B-A86F031B32AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:jp1\\/performance_management-manager_web_option:07-54:*:*:*:*:windows:*:*",
              "matchCriteriaId": "36D09E80-3314-441A-B5CB-D07F72DC437F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:tuning_manager:6.0.0:*:*:*:*:solaris:*:*",
              "matchCriteriaId": "8DE9C139-F3DF-4B2C-BC5A-42218A748F0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:tuning_manager:6.0.0:*:*:*:*:windows:*:*",
              "matchCriteriaId": "1CC03C39-9C47-4517-8A99-6ADDAD4E37F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:tuning_manager:7.1.0:*:*:*:*:linux_kernel:*:*",
              "matchCriteriaId": "F5DF2298-86DF-424D-AF8B-8EE72B995E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:tuning_manager:7.6.1:*:*:*:*:solaris:*:*",
              "matchCriteriaId": "E420F81C-DE06-4F50-BE36-56913E54F265",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:tuning_manager:7.6.1:05:*:*:*:solaris:*:*",
              "matchCriteriaId": "0E99CC94-C6DF-448A-8A80-9136A89172E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:tuning_manager:8.0.0:*:*:*:*:linux_kernel:*:*",
              "matchCriteriaId": "F41EA3F4-CEBD-4A0B-B2DE-0EACD4C968C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:tuning_manager:8.0.0:*:*:*:*:windows:*:*",
              "matchCriteriaId": "7224A2E2-4AD0-402C-B436-911A0576F165",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:tuning_manager:8.0.0:03:*:*:*:linux_kernel:*:*",
              "matchCriteriaId": "C00F1AA9-E56B-4964-92EF-6A2358A12628",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:tuning_manager:8.0.0:03:*:*:*:windows:*:*",
              "matchCriteriaId": "087E89B5-288B-4377-83C4-633AC797FAA1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de CSRF en Hitachi Tuning Manager anterior a 7.6.1-06 y 8.x anterior a 8.0.0-04 y JP1/Performance Management - Manager Web Option 07-00 hasta 07-54 permite a atacantes remotos secuestrar la autenticaci\u00f3n de victimas no especificadas a trav\u00e9s de vectores desconocidos."
    }
  ],
  "id": "CVE-2014-4188",
  "lastModified": "2024-11-21T02:09:38.880",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-06-17T14:55:08.517",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/58528"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/58899"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-013/index.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/68015"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/58528"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/58899"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-013/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/68015"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2014-4188

Vulnerability from cvelistv5

gsd-2014-4188

Vulnerability from gsd

cve-2014-4188

Vulnerability from jvndb

ghsa-g7px-gfpq-5hgf

Vulnerability from github

var-201406-0164

Vulnerability from variot

cve-2014-4188

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature