var-201406-0165
Vulnerability from variot
Cross-site scripting (XSS) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. These vulnerabilities can not be exploited, unless logging in these products.A remote attackers could insert to malicious scripts during display of the web page. Hitachi Tuning Manager (HTnM) software is a storage performance management application that maps, monitors, and analyzes storage network resources from applications to storage devices. The vulnerability stems from the program's failure to filter user-supplied input. Attackers use the vulnerability to steal cookie-based authentication certificates and execute arbitrary script code in the context of the browser of the user's affected site. Other attacks are also possible
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201406-0165",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tuning manager",
"scope": "eq",
"trust": 1.6,
"vendor": "hitachi",
"version": "6.0.0"
},
{
"model": "jp1\\/performance management-manager web option",
"scope": "eq",
"trust": 1.6,
"vendor": "hitachi",
"version": "07-54"
},
{
"model": "tuning manager",
"scope": "eq",
"trust": 1.6,
"vendor": "hitachi",
"version": "8.0.0"
},
{
"model": "jp1\\/performance management-manager web option",
"scope": "eq",
"trust": 1.6,
"vendor": "hitachi",
"version": "07-00"
},
{
"model": "tuning manager",
"scope": "eq",
"trust": 1.6,
"vendor": "hitachi",
"version": "7.6.1"
},
{
"model": "tuning manager",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachi",
"version": "7.1.0"
},
{
"model": "tuning manager software",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "6.0"
},
{
"model": "tuning manager software",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "6.1-00"
},
{
"model": "tuning manager software",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "6.2-00"
},
{
"model": "tuning manager software",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "6.2-01"
},
{
"model": "tuning manager software",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "6.401"
},
{
"model": "tuning manager software",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "7.0"
},
{
"model": "tuning manager",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "jp1/performance management",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "- manager web option"
},
{
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.001"
},
{
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.402"
},
{
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.1.0-00"
},
{
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-03"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04907"
},
{
"db": "BID",
"id": "68015"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002800"
},
{
"db": "NVD",
"id": "CVE-2014-4189"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-355"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hitachi:tuning_manager:8.0.0:03:*:*:*:linux_kernel:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:jp1\\/performance_management-manager_web_option:07-00:*:*:*:*:windows:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:jp1\\/performance_management-manager_web_option:07-54:*:*:*:*:windows:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:jp1\\/performance_management-manager_web_option:07-00:*:*:*:*:solaris:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:jp1\\/performance_management-manager_web_option:07-54:*:*:*:*:solaris:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:tuning_manager:6.0.0:*:*:*:*:windows:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:tuning_manager:8.0.0:*:*:*:*:windows:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:tuning_manager:8.0.0:03:*:*:*:windows:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:tuning_manager:6.0.0:*:*:*:*:solaris:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:tuning_manager:7.6.1:05:*:*:*:solaris:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:tuning_manager:8.0.0:*:*:*:*:linux_kernel:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:tuning_manager:7.6.1:*:*:*:*:solaris:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:tuning_manager:7.1.0:*:*:*:*:linux_kernel:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-4189"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "68015"
}
],
"trust": 0.3
},
"cve": "CVE-2014-4189",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "VENDOR",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2014-002800",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2014-04907",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-4189",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "VENDOR",
"id": "JVNDB-2014-002800",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNVD",
"id": "CNVD-2014-04907",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201406-355",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04907"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002800"
},
{
"db": "NVD",
"id": "CVE-2014-4189"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-355"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. These vulnerabilities can not be exploited, unless logging in these products.A remote attackers could insert to malicious scripts during display of the web page. Hitachi Tuning Manager (HTnM) software is a storage performance management application that maps, monitors, and analyzes storage network resources from applications to storage devices. The vulnerability stems from the program\u0027s failure to filter user-supplied input. Attackers use the vulnerability to steal cookie-based authentication certificates and execute arbitrary script code in the context of the browser of the user\u0027s affected site. Other attacks are also possible",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-4189"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002800"
},
{
"db": "CNVD",
"id": "CNVD-2014-04907"
},
{
"db": "BID",
"id": "68015"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-4189",
"trust": 3.3
},
{
"db": "BID",
"id": "68015",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "58899",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "58528",
"trust": 1.6
},
{
"db": "HITACHI",
"id": "HS14-013",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002800",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2014-04907",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201406-355",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04907"
},
{
"db": "BID",
"id": "68015"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002800"
},
{
"db": "NVD",
"id": "CVE-2014-4189"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-355"
}
]
},
"id": "VAR-201406-0165",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04907"
}
],
"trust": 0.96678842
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04907"
}
]
},
"last_update_date": "2023-12-18T12:57:57.421000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HS14-013",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-013/index.html"
},
{
"title": "Patch for Multiple Hitachi Product Cross-Site Scripting Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/48517"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04907"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002800"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
},
{
"problemtype": "CWE-352",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002800"
},
{
"db": "NVD",
"id": "CVE-2014-4189"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/68015"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/58528"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/58899"
},
{
"trust": 1.6,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-013/index.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4188"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4189"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4188"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4189"
},
{
"trust": 0.3,
"url": "http://www.hds.com/products/storage-software/hitachi-tuning-manager.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04907"
},
{
"db": "BID",
"id": "68015"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002800"
},
{
"db": "NVD",
"id": "CVE-2014-4189"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-355"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-04907"
},
{
"db": "BID",
"id": "68015"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002800"
},
{
"db": "NVD",
"id": "CVE-2014-4189"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-355"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-08-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04907"
},
{
"date": "2014-06-10T00:00:00",
"db": "BID",
"id": "68015"
},
{
"date": "2014-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002800"
},
{
"date": "2014-06-17T14:55:08.597000",
"db": "NVD",
"id": "CVE-2014-4189"
},
{
"date": "2014-06-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201406-355"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-08-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04907"
},
{
"date": "2014-08-06T00:31:00",
"db": "BID",
"id": "68015"
},
{
"date": "2015-03-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002800"
},
{
"date": "2015-09-02T17:05:08.087000",
"db": "NVD",
"id": "CVE-2014-4189"
},
{
"date": "2014-06-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201406-355"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201406-355"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple Vulnerabilities in Hitachi Tuning Manager and JP1/Performance Management - Manager Web Option",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002800"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201406-355"
}
],
"trust": 0.6
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.