VAR-201406-0164
Vulnerability from variot - Updated: 2023-12-18 12:57Cross-site request forgery (CSRF) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. These vulnerabilities can not be exploited, unless logging in these products.A remote attackers could insert to malicious scripts during display of the web page. Hitachi Tuning Manager (HTnM) software is a storage performance management application that maps, monitors, and analyzes storage network resources from applications to storage devices. A remote attacker can use the vulnerability to construct a malicious URI, induce users to parse, obtain sensitive cookies, hijack sessions or perform malicious operations on the client.
- Allow remote attackers to construct malicious URIs to induce users to parse and perform malicious operations on the target user context. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, disclose or modify sensitive information, or perform unauthorized actions. Other attacks are also possible
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201406-0164",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tuning manager",
"scope": "eq",
"trust": 1.6,
"vendor": "hitachi",
"version": "6.0.0"
},
{
"model": "jp1\\/performance management-manager web option",
"scope": "eq",
"trust": 1.6,
"vendor": "hitachi",
"version": "07-54"
},
{
"model": "tuning manager",
"scope": "eq",
"trust": 1.6,
"vendor": "hitachi",
"version": "7.1.0"
},
{
"model": "tuning manager",
"scope": "eq",
"trust": 1.6,
"vendor": "hitachi",
"version": "8.0.0"
},
{
"model": "tuning manager",
"scope": "eq",
"trust": 1.6,
"vendor": "hitachi",
"version": "7.6.1"
},
{
"model": "jp1\\/performance management-manager web option",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachi",
"version": "07-00"
},
{
"model": "tuning manager",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "jp1/performance management",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "- manager web option"
},
{
"model": "jp1/performance management",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.001"
},
{
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0"
},
{
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.402"
},
{
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.401"
},
{
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.2-01"
},
{
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.2-00"
},
{
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.1-00"
},
{
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0"
},
{
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.1.0-00"
},
{
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-03"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03739"
},
{
"db": "BID",
"id": "68015"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002800"
},
{
"db": "NVD",
"id": "CVE-2014-4188"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-354"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hitachi:tuning_manager:6.0.0:*:*:*:*:solaris:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:tuning_manager:7.1.0:*:*:*:*:linux_kernel:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:tuning_manager:8.0.0:*:*:*:*:linux_kernel:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:tuning_manager:8.0.0:03:*:*:*:linux_kernel:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:jp1\\/performance_management-manager_web_option:07-00:*:*:*:*:windows:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:tuning_manager:6.0.0:*:*:*:*:windows:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:tuning_manager:8.0.0:*:*:*:*:windows:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:tuning_manager:7.6.1:05:*:*:*:solaris:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:jp1\\/performance_management-manager_web_option:07-54:*:*:*:*:windows:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:jp1\\/performance_management-manager_web_option:07-54:*:*:*:*:solaris:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:tuning_manager:8.0.0:03:*:*:*:windows:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:tuning_manager:7.6.1:*:*:*:*:solaris:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:jp1\\/performance_management-manager_web_option:07-00:*:*:*:*:solaris:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-4188"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "68015"
}
],
"trust": 0.3
},
"cve": "CVE-2014-4188",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "VENDOR",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2014-002800",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2014-03739",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-4188",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "VENDOR",
"id": "JVNDB-2014-002800",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNVD",
"id": "CNVD-2014-03739",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201406-354",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03739"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002800"
},
{
"db": "NVD",
"id": "CVE-2014-4188"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-354"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. These vulnerabilities can not be exploited, unless logging in these products.A remote attackers could insert to malicious scripts during display of the web page. Hitachi Tuning Manager (HTnM) software is a storage performance management application that maps, monitors, and analyzes storage network resources from applications to storage devices. A remote attacker can use the vulnerability to construct a malicious URI, induce users to parse, obtain sensitive cookies, hijack sessions or perform malicious operations on the client. \n\n2. Allow remote attackers to construct malicious URIs to induce users to parse and perform malicious operations on the target user context. \nAn attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, disclose or modify sensitive information, or perform unauthorized actions. Other attacks are also possible",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-4188"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002800"
},
{
"db": "CNVD",
"id": "CNVD-2014-03739"
},
{
"db": "BID",
"id": "68015"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-4188",
"trust": 3.3
},
{
"db": "HITACHI",
"id": "HS14-013",
"trust": 2.2
},
{
"db": "BID",
"id": "68015",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "58899",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "58528",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002800",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2014-03739",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201406-354",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03739"
},
{
"db": "BID",
"id": "68015"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002800"
},
{
"db": "NVD",
"id": "CVE-2014-4188"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-354"
}
]
},
"id": "VAR-201406-0164",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03739"
}
],
"trust": 0.96678842
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03739"
}
]
},
"last_update_date": "2023-12-18T12:57:57.453000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HS14-013",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-013/index.html"
},
{
"title": "Patch for Hitachi Tuning Manager / JP1 / Performance Management Multiple Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/46503"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03739"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002800"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.8
},
{
"problemtype": "CWE-79",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002800"
},
{
"db": "NVD",
"id": "CVE-2014-4188"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-013/index.html"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/58528"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/58899"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/68015"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4188"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4189"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4188"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4189"
},
{
"trust": 0.3,
"url": "http://www.hds.com/products/storage-software/hitachi-tuning-manager.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03739"
},
{
"db": "BID",
"id": "68015"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002800"
},
{
"db": "NVD",
"id": "CVE-2014-4188"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-354"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-03739"
},
{
"db": "BID",
"id": "68015"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002800"
},
{
"db": "NVD",
"id": "CVE-2014-4188"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-354"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-06-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-03739"
},
{
"date": "2014-06-10T00:00:00",
"db": "BID",
"id": "68015"
},
{
"date": "2014-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002800"
},
{
"date": "2014-06-17T14:55:08.517000",
"db": "NVD",
"id": "CVE-2014-4188"
},
{
"date": "2014-06-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201406-354"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-06-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-03739"
},
{
"date": "2014-08-06T00:31:00",
"db": "BID",
"id": "68015"
},
{
"date": "2015-03-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002800"
},
{
"date": "2015-09-02T17:04:20.887000",
"db": "NVD",
"id": "CVE-2014-4188"
},
{
"date": "2014-06-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201406-354"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201406-354"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple Vulnerabilities in Hitachi Tuning Manager and JP1/Performance Management - Manager Web Option",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002800"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201406-354"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…