var-201307-0480
Vulnerability from variot
Multiple unspecified vulnerabilities in Hitachi JP1/IT Desktop Management - Manager 09-50 through 09-50-03, 09-51 through 09-51-05, 10-00 through 10-00-02, and 10-01 through 10-01-02; Hitachi Job Management Partner 1/IT Desktop Management - Manager 09-50 through 09-50-03 and 10-01; and Hitachi IT Operations Director 02-50 through 02-50-07, 03-00 through 03-00-12, and 04-00 through 04-00-01 allow remote authenticated users to gain privileges via unknown vectors. Taizo Tsukamoto of GLOBAL SECURITY EXPERTS inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Users without administrative privileges may obtain administrative privileges. Multiple Hitachi products have security holes that allow local attackers to use the holes to elevate privileges.
No detailed vulnerability details are provided at this time. A local attacker may leverage these issues to escalate privileges. This may lead to other attacks
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201307-0480", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "it operations director", "scope": "eq", "trust": 1.9, "vendor": "hitachi", "version": "03-00-08" }, { "model": "it operations director", "scope": "eq", "trust": 1.9, "vendor": "hitachi", "version": "03-00-07" }, { "model": "it operations director", "scope": "eq", "trust": 1.9, "vendor": "hitachi", "version": "03-00-04" }, { "model": "it operations director", "scope": "eq", "trust": 1.9, "vendor": "hitachi", "version": "03-00" }, { "model": "it operations director", "scope": "eq", "trust": 1.9, "vendor": "hitachi", "version": "02-50-07" }, { "model": "it operations director", "scope": "eq", "trust": 1.9, "vendor": "hitachi", "version": "02-50-06" }, { "model": "it operations director", "scope": "eq", "trust": 1.9, "vendor": "hitachi", "version": "02-50-01" }, { "model": "it operations director", "scope": "eq", "trust": 1.6, "vendor": "hitachi", "version": "03-00-12" }, { "model": "it operations director", "scope": "eq", "trust": 1.6, "vendor": "hitachi", "version": "04-00" }, { "model": "it operations director", "scope": "eq", "trust": 1.6, "vendor": "hitachi", "version": "04-00-01" }, { "model": "it operations director", "scope": null, "trust": 1.4, "vendor": "hitachi", "version": null }, { "model": "jp1\\/it desktop management-manager", "scope": "eq", "trust": 1.0, "vendor": "hitachi", "version": "10-01-02" }, { "model": "it operations director", "scope": "eq", "trust": 1.0, "vendor": "hitachi", "version": "02-50" }, { "model": "jp1\\/it desktop management-manager", "scope": "eq", "trust": 1.0, "vendor": "hitachi", "version": "10-01" }, { "model": "jp1\\/it desktop management-manager", "scope": "eq", "trust": 1.0, "vendor": "hitachi", "version": "09-51" }, { "model": "job management partner 1\\/it desktop management-manager", "scope": "eq", "trust": 1.0, "vendor": "hitachi", "version": "09-50-03" }, { "model": "jp1\\/it desktop management-manager", "scope": "eq", "trust": 1.0, "vendor": "hitachi", "version": "10-00" }, { "model": "job management partner 1\\/it desktop management-manager", "scope": "eq", "trust": 1.0, "vendor": "hitachi", "version": "09-50" }, { "model": "jp1\\/it desktop management-manager", "scope": "eq", "trust": 1.0, "vendor": "hitachi", "version": "10-00-02" }, { "model": "jp1\\/it desktop management-manager", "scope": "eq", "trust": 1.0, "vendor": "hitachi", "version": "09-51-05" }, { "model": "job management partner 1\\/it desktop management-manager", "scope": "eq", "trust": 1.0, "vendor": "hitachi", "version": "10-01" }, { "model": "job management partner 1/it desktop management - manager", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "jp1/it desktop management - manager", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "job management partner 1/it desktop management manager", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jp1/it desktop management", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "it operations director", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-00-06" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2013-11031" }, { "db": "BID", "id": "61459" }, { "db": "JVNDB", "id": "JVNDB-2013-000076" }, { "db": "NVD", "id": "CVE-2013-4697" }, { "db": "CNNVD", "id": "CNNVD-201307-665" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:hitachi:jp1\\/it_desktop_management-manager:09-51-05:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:hitachi:jp1\\/it_desktop_management-manager:10-00-02:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:hitachi:jp1\\/it_desktop_management-manager:10-01:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:hitachi:jp1\\/it_desktop_management-manager:10-01-02:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:hitachi:jp1\\/it_desktop_management-manager:09-51:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:hitachi:jp1\\/it_desktop_management-manager:10-00:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:hitachi:job_management_partner_1\\/it_desktop_management-manager:09-50-03:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:hitachi:job_management_partner_1\\/it_desktop_management-manager:09-50:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:hitachi:job_management_partner_1\\/it_desktop_management-manager:10-01:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:hitachi:it_operations_director:03-00-07:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:hitachi:it_operations_director:03-00-12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:hitachi:it_operations_director:02-50-01:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:hitachi:it_operations_director:02-50-06:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:hitachi:it_operations_director:02-50-07:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:hitachi:it_operations_director:03-00:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:hitachi:it_operations_director:03-00-04:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:hitachi:it_operations_director:04-00-01:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:hitachi:it_operations_director:02-50:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:hitachi:it_operations_director:03-00-08:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:hitachi:it_operations_director:04-00:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2013-4697" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Taizo Tsukamoto of GLOBAL SECURITY EXPERTS Inc.", "sources": [ { "db": "BID", "id": "61459" } ], "trust": 0.3 }, "cve": "CVE-2013-4697", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.0, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "IPA", "availabilityImpact": "None", "baseScore": 5.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2013-000076", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 3.2, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.1, "id": "CNVD-2013-11031", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "LOW", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2013-4697", "trust": 1.0, "value": "HIGH" }, { "author": "IPA", "id": "JVNDB-2013-000076", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2013-11031", "trust": 0.6, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-201307-665", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2013-11031" }, { "db": "JVNDB", "id": "JVNDB-2013-000076" }, { "db": "NVD", "id": "CVE-2013-4697" }, { "db": "CNNVD", "id": "CNNVD-201307-665" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Multiple unspecified vulnerabilities in Hitachi JP1/IT Desktop Management - Manager 09-50 through 09-50-03, 09-51 through 09-51-05, 10-00 through 10-00-02, and 10-01 through 10-01-02; Hitachi Job Management Partner 1/IT Desktop Management - Manager 09-50 through 09-50-03 and 10-01; and Hitachi IT Operations Director 02-50 through 02-50-07, 03-00 through 03-00-12, and 04-00 through 04-00-01 allow remote authenticated users to gain privileges via unknown vectors. Taizo Tsukamoto of GLOBAL SECURITY EXPERTS inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Users without administrative privileges may obtain administrative privileges. Multiple Hitachi products have security holes that allow local attackers to use the holes to elevate privileges. \n\nNo detailed vulnerability details are provided at this time. \nA local attacker may leverage these issues to escalate privileges. This may lead to other attacks", "sources": [ { "db": "NVD", "id": "CVE-2013-4697" }, { "db": "JVNDB", "id": "JVNDB-2013-000076" }, { "db": "CNVD", "id": "CNVD-2013-11031" }, { "db": "BID", "id": "61459" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2013-4697", "trust": 3.3 }, { "db": "JVN", "id": "JVN00065218", "trust": 2.4 }, { "db": "JVNDB", "id": "JVNDB-2013-000076", "trust": 2.4 }, { "db": "HITACHI", "id": "HS13-017", "trust": 2.2 }, { "db": "BID", "id": "61459", "trust": 0.9 }, { "db": "SECUNIA", "id": "54231", "trust": 0.6 }, { "db": "CNVD", "id": "CNVD-2013-11031", "trust": 0.6 }, { "db": "JVN", "id": "JVN#00065218", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201307-665", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2013-11031" }, { "db": "BID", "id": "61459" }, { "db": "JVNDB", "id": "JVNDB-2013-000076" }, { "db": "NVD", "id": "CVE-2013-4697" }, { "db": "CNNVD", "id": "CNNVD-201307-665" } ] }, "id": "VAR-201307-0480", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2013-11031" } ], "trust": 0.78666667 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2013-11031" } ] }, "last_update_date": "2023-12-18T12:52:06.941000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "HS13-017", "trust": 0.8, "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs13-017/index.html" }, { "title": "Patch for Unknown Local Privilege Escalation Vulnerability in Hitachi Multiple Products", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/36558" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2013-11031" }, { "db": "JVNDB", "id": "JVNDB-2013-000076" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-264", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-000076" }, { "db": "NVD", "id": "CVE-2013-4697" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://jvn.jp/en/jp/jvn00065218/index.html" }, { "trust": 2.2, "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs13-017/index.html" }, { "trust": 1.6, "url": "http://jvndb.jvn.jp/jvndb/jvndb-2013-000076" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4697" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4697" }, { "trust": 0.6, "url": "http://www.secunia.com/advisories/54231/" }, { "trust": 0.3, "url": "http://www.hitachi.com" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2013-11031" }, { "db": "BID", "id": "61459" }, { "db": "JVNDB", "id": "JVNDB-2013-000076" }, { "db": "NVD", "id": "CVE-2013-4697" }, { "db": "CNNVD", "id": "CNNVD-201307-665" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2013-11031" }, { "db": "BID", "id": "61459" }, { "db": "JVNDB", "id": "JVNDB-2013-000076" }, { "db": "NVD", "id": "CVE-2013-4697" }, { "db": "CNNVD", "id": "CNNVD-201307-665" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-08-01T00:00:00", "db": "CNVD", "id": "CNVD-2013-11031" }, { "date": "2013-07-26T00:00:00", "db": "BID", "id": "61459" }, { "date": "2013-07-29T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-000076" }, { "date": "2013-07-31T13:20:19.103000", "db": "NVD", "id": "CVE-2013-4697" }, { "date": "2013-07-31T00:00:00", "db": "CNNVD", "id": "CNNVD-201307-665" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-08-01T00:00:00", "db": "CNVD", "id": "CNVD-2013-11031" }, { "date": "2013-08-01T18:27:00", "db": "BID", "id": "61459" }, { "date": "2013-08-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-000076" }, { "date": "2013-07-31T13:20:19.103000", "db": "NVD", "id": "CVE-2013-4697" }, { "date": "2013-08-09T00:00:00", "db": "CNNVD", "id": "CNNVD-201307-665" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201307-665" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "JP1/IT Desktop Management - Manager and Hitachi IT Operations Director vulnerable to privilege escalation", "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-000076" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-201307-665" } ], "trust": 0.6 } }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.