jvndb - jvndb-2013-005669

jvndb-2013-005669

Vulnerability from jvndb

Published

2013-12-25 19:13

Modified

2013-12-25 19:13

Severity ?

() - -

Summary

Xml eXternal Entity Vulnerability in Hitachi Cosminexus

Details

When using Cosminexus JAX-WS, XXE (Xml eXternal Entity) in Hitachi Cosminexus Component Container contains a vulnerability that may cause information leakage.

References

▼	Type	URL

Impacted products

▼	Vendor	Product
	Hitachi, Ltd	Cosminexus Component Container
	Hitachi, Ltd	uCosminexus Application Server
	Hitachi, Ltd	uCosminexus Application Server Enterprise
	Hitachi, Ltd	uCosminexus Application Server Smart Edition
	Hitachi, Ltd	uCosminexus Application Server Standard
	Hitachi, Ltd	uCosminexus Developer
	Hitachi, Ltd	uCosminexus Developer Light
	Hitachi, Ltd	uCosminexus Developer Standard
	Hitachi, Ltd	uCosminexus Service Architect
	Hitachi, Ltd	uCosminexus Service Platform

Show details on JVN DB website

JSON

To clipboard

{
   "@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-005669.html",
   "dc:date": "2013-12-25T19:13+09:00",
   "dcterms:issued": "2013-12-25T19:13+09:00",
   "dcterms:modified": "2013-12-25T19:13+09:00",
   description: "When using Cosminexus JAX-WS, XXE (Xml eXternal Entity) in Hitachi Cosminexus Component Container contains a vulnerability that may cause information leakage.",
   link: "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-005669.html",
   "sec:cpe": [
      {
         "#text": "cpe:/a:hitachi:cosminexus_component_container",
         "@product": "Cosminexus Component Container",
         "@vendor": "Hitachi, Ltd",
         "@version": "2.2",
      },
      {
         "#text": "cpe:/a:hitachi:ucosminexus_application_server",
         "@product": "uCosminexus Application Server",
         "@vendor": "Hitachi, Ltd",
         "@version": "2.2",
      },
      {
         "#text": "cpe:/a:hitachi:ucosminexus_application_server_enterprise",
         "@product": "uCosminexus Application Server Enterprise",
         "@vendor": "Hitachi, Ltd",
         "@version": "2.2",
      },
      {
         "#text": "cpe:/a:hitachi:ucosminexus_application_server_smart_edition",
         "@product": "uCosminexus Application Server Smart Edition",
         "@vendor": "Hitachi, Ltd",
         "@version": "2.2",
      },
      {
         "#text": "cpe:/a:hitachi:ucosminexus_application_server_standard",
         "@product": "uCosminexus Application Server Standard",
         "@vendor": "Hitachi, Ltd",
         "@version": "2.2",
      },
      {
         "#text": "cpe:/a:hitachi:ucosminexus_developer",
         "@product": "uCosminexus Developer",
         "@vendor": "Hitachi, Ltd",
         "@version": "2.2",
      },
      {
         "#text": "cpe:/a:hitachi:ucosminexus_developer_light",
         "@product": "uCosminexus Developer Light",
         "@vendor": "Hitachi, Ltd",
         "@version": "2.2",
      },
      {
         "#text": "cpe:/a:hitachi:ucosminexus_developer_standard",
         "@product": "uCosminexus Developer Standard",
         "@vendor": "Hitachi, Ltd",
         "@version": "2.2",
      },
      {
         "#text": "cpe:/a:hitachi:ucosminexus_service_architect",
         "@product": "uCosminexus Service Architect",
         "@vendor": "Hitachi, Ltd",
         "@version": "2.2",
      },
      {
         "#text": "cpe:/a:hitachi:ucosminexus_service_platform",
         "@product": "uCosminexus Service Platform",
         "@vendor": "Hitachi, Ltd",
         "@version": "2.2",
      },
   ],
   "sec:cvss": {
      "@score": "2.6",
      "@severity": "Low",
      "@type": "Base",
      "@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
      "@version": "2.0",
   },
   "sec:identifier": "JVNDB-2013-005669",
   "sec:references": {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-200",
      "@title": "Information Exposure(CWE-200)",
   },
   title: "Xml eXternal Entity Vulnerability in Hitachi Cosminexus",
}

jvndb-2013-005669

Vulnerability from jvndb

Tags

Sightings

Nomenclature

Action not permitted

jvndb-2013-005669

Vulnerability from jvndb

Tags

Sightings

Nomenclature