Details of VAR-200604-0404

ID

VAR-200604-0404

CVE

CVE-2006-1574

TITLE

Hitachi Groupmax Desktop for Scheduler World Wide Web Unknown Cross-Site Scripting Attack Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2006-1972

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web, World Wide Web Desktop, World Wide Web for Scheduler, and Desktop for Scheduler, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks

Trust: 1.71

sources: NVD: CVE-2006-1574 // CNVD: CNVD-2006-1972 // BID: 17337

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2006-1972

AFFECTED PRODUCTS

vendor:	hitachi	model:	groupmax world wide web desktop scheduler	scope:	eq	version:	5	Trust: 1.6
vendor:	hitachi	model:	groupmax world wide web desktop	scope:	eq	version:	5	Trust: 1.6
vendor:	hitachi	model:	groupmax world wide web scheduler	scope:	eq	version:	3	Trust: 1.6
vendor:	hitachi	model:	groupmax world wide web	scope:	eq	version:	2	Trust: 1.6
vendor:	hitachi	model:	groupmax world wide web desktop	scope:	eq	version:	6	Trust: 1.6
vendor:	hitachi	model:	groupmax world wide web	scope:	eq	version:	3	Trust: 1.6
vendor:	hitachi	model:	groupmax world wide web scheduler	scope:	eq	version:	2	Trust: 1.6
vendor:	hitachi	model:	groupmax world wide web desktop	scope:	eq	version:	*	Trust: 1.0
vendor:	groupmax	model:	world wide web hitachi	scope:	eq	version:	2	Trust: 0.6
vendor:	groupmax	model:	world wide web hitachi	scope:	eq	version:	3	Trust: 0.6
vendor:	hitachi	model:	groupmax world wide web desktop	scope:	-	version:	-	Trust: 0.6
vendor:	hitachi	model:	groupmax world wide web for scheduler	scope:	eq	version:	03-11	Trust: 0.3
vendor:	hitachi	model:	groupmax world wide web for scheduler	scope:	eq	version:	03-10	Trust: 0.3
vendor:	hitachi	model:	groupmax world wide web for scheduler	scope:	eq	version:	03-00	Trust: 0.3
vendor:	hitachi	model:	groupmax world wide web for scheduler 02-31-/a	scope:	-	version:	-	Trust: 0.3
vendor:	hitachi	model:	groupmax world wide web for scheduler	scope:	eq	version:	02-20	Trust: 0.3
vendor:	hitachi	model:	groupmax world wide web for scheduler	scope:	eq	version:	02-10	Trust: 0.3
vendor:	hitachi	model:	groupmax world wide web for scheduler	scope:	eq	version:	02-00	Trust: 0.3
vendor:	hitachi	model:	groupmax world wide web desktop for scheduler 05-11-/a	scope:	-	version:	-	Trust: 0.3
vendor:	hitachi	model:	groupmax world wide web desktop for scheduler	scope:	eq	version:	05-11	Trust: 0.3
vendor:	hitachi	model:	groupmax world wide web desktop for scheduler	scope:	eq	version:	05-00	Trust: 0.3
vendor:	hitachi	model:	groupmax world wide web desktop for jichitai 06-52-/a	scope:	-	version:	-	Trust: 0.3
vendor:	hitachi	model:	groupmax world wide web desktop for jichitai	scope:	eq	version:	06-52	Trust: 0.3
vendor:	hitachi	model:	groupmax world wide web desktop for jichitai	scope:	eq	version:	06-51	Trust: 0.3
vendor:	hitachi	model:	groupmax world wide web desktop 06-52-/e	scope:	-	version:	-	Trust: 0.3
vendor:	hitachi	model:	groupmax world wide web desktop 06-52-/c	scope:	-	version:	-	Trust: 0.3
vendor:	hitachi	model:	groupmax world wide web desktop 06-52-/b	scope:	-	version:	-	Trust: 0.3
vendor:	hitachi	model:	groupmax world wide web desktop	scope:	eq	version:	06-52	Trust: 0.3
vendor:	hitachi	model:	groupmax world wide web desktop 06-51-/c	scope:	-	version:	-	Trust: 0.3
vendor:	hitachi	model:	groupmax world wide web desktop 06-51-/b	scope:	-	version:	-	Trust: 0.3
vendor:	hitachi	model:	groupmax world wide web desktop	scope:	eq	version:	06-51	Trust: 0.3
vendor:	hitachi	model:	groupmax world wide web desktop 06-50-/c	scope:	-	version:	-	Trust: 0.3
vendor:	hitachi	model:	groupmax world wide web desktop 06-50-/b	scope:	-	version:	-	Trust: 0.3
vendor:	hitachi	model:	groupmax world wide web desktop	scope:	eq	version:	06-00	Trust: 0.3
vendor:	hitachi	model:	groupmax world wide web desktop 05-11-/j	scope:	-	version:	-	Trust: 0.3
vendor:	hitachi	model:	groupmax world wide web desktop 05-11-/i	scope:	-	version:	-	Trust: 0.3
vendor:	hitachi	model:	groupmax world wide web desktop 05-11-/f	scope:	-	version:	-	Trust: 0.3
vendor:	hitachi	model:	groupmax world wide web desktop	scope:	eq	version:	05-00	Trust: 0.3
vendor:	hitachi	model:	groupmax world wide web 03-11-/b	scope:	-	version:	-	Trust: 0.3
vendor:	hitachi	model:	groupmax world wide web 03-10-/h	scope:	-	version:	-	Trust: 0.3
vendor:	hitachi	model:	groupmax world wide web	scope:	eq	version:	03-00	Trust: 0.3
vendor:	hitachi	model:	groupmax world wide web 02-31-/i	scope:	-	version:	-	Trust: 0.3
vendor:	hitachi	model:	groupmax world wide web 02-31-/e	scope:	-	version:	-	Trust: 0.3
vendor:	hitachi	model:	groupmax world wide web 02-20-/a	scope:	-	version:	-	Trust: 0.3
vendor:	hitachi	model:	groupmax world wide web	scope:	eq	version:	02-20	Trust: 0.3
vendor:	hitachi	model:	groupmax world wide web	scope:	eq	version:	02-10	Trust: 0.3
vendor:	hitachi	model:	groupmax world wide web	scope:	eq	version:	02-00	Trust: 0.3
vendor:	hitachi	model:	groupmax world wide web desktop 06-52-/f	scope:	ne	version:	-	Trust: 0.3
vendor:	hitachi	model:	groupmax world wide web 06-52-/f	scope:	ne	version:	-	Trust: 0.3

sources: CNVD: CNVD-2006-1972 // BID: 17337 // CNNVD: CNNVD-200603-521 // NVD: CVE-2006-1574

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-1574
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2006-1972
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-200603-521
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2006-1574
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2006-1972
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2006-1972 // CNNVD: CNNVD-200603-521 // NVD: CVE-2006-1574

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-1574

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200603-521

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-200603-521

EXTERNAL IDS

db:	BID	id:	17337	Trust: 2.5
db:	NVD	id:	CVE-2006-1574	Trust: 2.2
db:	HITACHI	id:	HS06-005	Trust: 1.9
db:	VUPEN	id:	ADV-2006-1180	Trust: 1.6
db:	SECUNIA	id:	19483	Trust: 1.6
db:	OSVDB	id:	24295	Trust: 1.6
db:	CNVD	id:	CNVD-2006-1972	Trust: 0.6
db:	XF	id:	25574	Trust: 0.6
db:	CNNVD	id:	CNNVD-200603-521	Trust: 0.6

sources: CNVD: CNVD-2006-1972 // BID: 17337 // CNNVD: CNNVD-200603-521 // NVD: CVE-2006-1574

REFERENCES

url:	http://www.securityfocus.com/bid/17337	Trust: 2.2
url:	http://www.hitachi-support.com/security_e/vuls_e/hs06-005_e/index-e.html	Trust: 1.9
url:	http://secunia.com/advisories/19483	Trust: 1.6
url:	http://www.osvdb.org/24295	Trust: 1.6
url:	http://www.vupen.com/english/advisories/2006/1180	Trust: 1.0
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/25574	Trust: 1.0
url:	http://www.frsirt.com/english/advisories/2006/1180	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/25574	Trust: 0.6
url:	http://www.hitachi.co.jp/prod/comp/soft1/global/prod/groupmax/index.html	Trust: 0.3

sources: CNVD: CNVD-2006-1972 // BID: 17337 // CNNVD: CNNVD-200603-521 // NVD: CVE-2006-1574

CREDITS

The vendor disclosed this issue.

Trust: 0.9

sources: BID: 17337 // CNNVD: CNNVD-200603-521

SOURCES

db:	CNVD	id:	CNVD-2006-1972
db:	BID	id:	17337
db:	CNNVD	id:	CNNVD-200603-521
db:	NVD	id:	CVE-2006-1574

LAST UPDATE DATE

2024-08-14T14:47:59.476000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2006-1972	date:	2006-03-31T00:00:00
db:	BID	id:	17337	date:	2006-04-03T17:58:00
db:	CNNVD	id:	CNNVD-200603-521	date:	2006-04-03T00:00:00
db:	NVD	id:	CVE-2006-1574	date:	2017-07-20T01:30:43.097

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2006-1972	date:	2006-03-31T00:00:00
db:	BID	id:	17337	date:	2006-03-31T00:00:00
db:	CNNVD	id:	CNNVD-200603-521	date:	2006-03-31T00:00:00
db:	NVD	id:	CVE-2006-1574	date:	2006-04-01T00:04:00