ID

VAR-200607-0340


CVE

CVE-2006-3574


TITLE

Cross-site scripting vulnerability in products such as Hitachi Groupmax Collaboration Portal

Trust: 0.8

sources: JVNDB: JVNDB-2006-002743

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in Hitachi Groupmax Collaboration Portal and Web Client before 07-20-/D, and uCosminexus Collaboration Portal and Forum/File Sharing before 06-20-/C, allow remote attackers to "execute malicious scripts" via unknown vectors (aka HS06-014-01). An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. Input passed to unspecified parameters is not properly sanitised before being returned to the user. SOLUTION: Fixes are available (see patch matrix in the vendor's advisory). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Hitachi: http://www.hitachi-support.com/security_e/vuls_e/HS06-014_e/index-e.html

Trust: 1.98

sources: NVD: CVE-2006-3574 // JVNDB: JVNDB-2006-002743 // BID: 18830 // PACKETSTORM: 48004

AFFECTED PRODUCTS

vendor: hitachi // model: groupmax collaboration web client // scope: eq // version: 7.2

Trust: 1.9

vendor: hitachi // model: groupmax collaboration portal // scope: eq // version: 7.2

Trust: 1.9

vendor: hitachi // model: groupmax collaboration portal // scope: eq // version: 07_00

Trust: 1.6

vendor: hitachi // model: cosminexus collaboration portal // scope: eq // version: 6.2

Trust: 1.6

vendor: hitachi // model: cosminexus collaboration portal // scope: eq // version: 06_00

Trust: 1.6

vendor: hitachi // model: groupmax collaboration web client // scope: eq // version: 07_00

Trust: 1.6

vendor: hitachi // model: cosminexus collaboration portal // scope: lte // version: 06_10_b

Trust: 1.0

vendor: hitachi // model: groupmax collaboration portal // scope: lte // version: 07_10_b

Trust: 1.0

vendor: hitachi // model: groupmax collaboration web client // scope: lte // version: 07_10_a

Trust: 1.0

vendor: hitachi // model: cosminexus collaboration portal // scope: - // version: -

Trust: 0.8

vendor: hitachi // model: groupmax collaboration portal // scope: - // version: -

Trust: 0.8

vendor: hitachi // model: groupmax collaboration web client // scope: lt // version: 07-20-/d

Trust: 0.8

vendor: hitachi // model: groupmax collaboration web client // scope: eq // version: 07_10_a

Trust: 0.6

vendor: hitachi // model: groupmax collaboration portal // scope: eq // version: 07_10_b

Trust: 0.6

vendor: hitachi // model: cosminexus collaboration portal // scope: eq // version: 06_10_b

Trust: 0.6

vendor: hitachi // model: ucosminexus collaboration portal // scope: eq // version: 6.2

Trust: 0.3

sources: BID: 18830 // JVNDB: JVNDB-2006-002743 // CNNVD: CNNVD-200607-223 // NVD: CVE-2006-3574

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-3574
value: MEDIUM

Trust: 1.0

NVD: CVE-2006-3574
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200607-223
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2006-3574
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2006-002743 // CNNVD: CNNVD-200607-223 // NVD: CVE-2006-3574

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-3574

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200607-223

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 48004 // CNNVD: CNNVD-200607-223

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-002743

PATCH

title: HS06-014 // url: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/pdf/HS06-014.pdf

Trust: 0.8

sources: JVNDB: JVNDB-2006-002743

EXTERNAL IDS

db: NVD // id: CVE-2006-3574

Trust: 2.4

db: HITACHI // id: HS06-014

Trust: 2.0

db: BID // id: 18830

Trust: 1.9

db: SECUNIA // id: 20926

Trust: 1.8

db: VUPEN // id: ADV-2006-2665

Trust: 1.6

db: JVNDB // id: JVNDB-2006-002743

Trust: 0.8

db: XF // id: 27605

Trust: 0.6

db: CNNVD // id: CNNVD-200607-223

Trust: 0.6

db: PACKETSTORM // id: 48004

Trust: 0.1

sources: BID: 18830 // JVNDB: JVNDB-2006-002743 // PACKETSTORM: 48004 // CNNVD: CNNVD-200607-223 // NVD: CVE-2006-3574

REFERENCES

url:http://www.hitachi-support.com/security_e/vuls_e/hs06-014_e/index-e.html

Trust: 2.0

url:http://www.hitachi-support.com/security_e/vuls_e/hs06-014_e/01-e.html

Trust: 1.9

url:http://www.securityfocus.com/bid/18830

Trust: 1.6

url:http://secunia.com/advisories/20926

Trust: 1.6

url:http://www.vupen.com/english/advisories/2006/2665

Trust: 1.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/27605

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3574

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-3574

Trust: 0.8

url:http://www.frsirt.com/english/advisories/2006/2665

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/27605

Trust: 0.6

url:http://www.owasp.org/index.php/main_page

Trust: 0.3

url:http://secunia.com/advisories/20926/

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/10832/

Trust: 0.1

url:http://secunia.com/product/10834/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/secunia_security_specialist/

Trust: 0.1

url:http://secunia.com/product/10835/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/product/10833/

Trust: 0.1

sources: BID: 18830 // JVNDB: JVNDB-2006-002743 // PACKETSTORM: 48004 // CNNVD: CNNVD-200607-223 // NVD: CVE-2006-3574

CREDITS

Hitachi

Trust: 0.6

sources: CNNVD: CNNVD-200607-223

SOURCES

db: BID // id: 18830
db: JVNDB // id: JVNDB-2006-002743
db: PACKETSTORM // id: 48004
db: CNNVD // id: CNNVD-200607-223
db: NVD // id: CVE-2006-3574

LAST UPDATE DATE

2024-08-14T15:45:34.042000+00:00


SOURCES UPDATE DATE

db: BID // id: 18830 // date: 2006-07-05T20:49:00
db: JVNDB // id: JVNDB-2006-002743 // date: 2012-12-20T00:00:00
db: CNNVD // id: CNNVD-200607-223 // date: 2006-07-17T00:00:00
db: NVD // id: CVE-2006-3574 // date: 2017-07-20T01:32:24.787

SOURCES RELEASE DATE

db: BID // id: 18830 // date: 2006-07-05T00:00:00
db: JVNDB // id: JVNDB-2006-002743 // date: 2012-12-20T00:00:00
db: PACKETSTORM // id: 48004 // date: 2006-07-08T09:35:52
db: CNNVD // id: CNNVD-200607-223 // date: 2006-07-13T00:00:00
db: NVD // id: CVE-2006-3574 // date: 2006-07-13T10:05:00