ID

VAR-200706-0277


CVE

CVE-2007-3043


TITLE

Hitachi Groupmax Collaboration Portal Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2007-003950

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Collaboration - File Sharing 01-20 up to 01-20-/B and 01-30 up to 01-30-/B in Hitachi Groupmax Collaboration Portal up to 07-30-/D, Groupmax Collaboration Web Client - Forum/File Sharing up to 07-30-/C, uCosminexus Collaboration Portal up to 06-30-/D, and uCosminexus Collaboration Portal - Forum/File Sharing up to 06-30-/C on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Hitachi Collaboration Portal Products are prone to multiple cross-site scripting vulnerabilities because they fail to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected applications. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Trust: 1.89

sources: NVD: CVE-2007-3043 // JVNDB: JVNDB-2007-003950 // BID: 24263

AFFECTED PRODUCTS

vendor: hitachi | model: groupmax collaboration portal | scope: eq | version: 7_20_e

Trust: 1.6

vendor: hitachi | model: ucosminexus collaboration portal | scope: eq | version: forum_file_share_6_20_d

Trust: 1.6

vendor: hitachi | model: ucosminexus collaboration portal | scope: eq | version: 6_20_e

Trust: 1.6

vendor: hitachi | model: groupmax collaboration web client | scope: eq | version: forum_file_share_7_30_c

Trust: 1.6

vendor: hitachi | model: groupmax collaboration web client | scope: eq | version: forum_file_share_7_20_d

Trust: 1.6

vendor: hitachi | model: ucosminexus collaboration portal | scope: eq | version: forum_file_share_6_30_c

Trust: 1.6

vendor: hitachi | model: groupmax collaboration portal | scope: eq | version: 7_30_d

Trust: 1.6

vendor: hitachi | model: ucosminexus collaboration portal | scope: eq | version: 6_30_d

Trust: 1.6

vendor: hitachi | model: groupmax collaboration portal | scope: eq | version: 07-30-/d previous file sharing 01-20 to 01-20-/b and 01-30 to 01-30-/b

Trust: 0.8

vendor: hitachi | model: groupmax collaboration web client | scope: eq | version: forum/file sharing 07-30-/c before

Trust: 0.8

vendor: hitachi | model: ucosminexus collaboration portal | scope: eq | version: 06-30-/d before and forum/file sharing 06-30-/c before

Trust: 0.8

vendor: hitachi | model: ucosminexus collaboration portal forum/file shar 6-30-/c | scope: eq | version: -

Trust: 0.3

vendor: hitachi | model: ucosminexus collaboration portal forum/file shar 6-20-/d | scope: eq | version: -

Trust: 0.3

vendor: hitachi | model: ucosminexus collaboration portal 6-30-/d | scope: - | version: -

Trust: 0.3

vendor: hitachi | model: ucosminexus collaboration portal 6-20-/e | scope: - | version: -

Trust: 0.3

vendor: hitachi | model: groupmax collaboration web client forum/file sharing 7-30-/c | scope: eq | version: -

Trust: 0.3

vendor: hitachi | model: groupmax collaboration web client forum/file sharing 7-20-/d | scope: eq | version: -

Trust: 0.3

vendor: hitachi | model: groupmax collaboration portal 7-30-/d | scope: - | version: -

Trust: 0.3

vendor: hitachi | model: groupmax collaboration portal 7-20-/e | scope: - | version: -

Trust: 0.3

vendor: hitachi | model: ucosminexus collaboration portal forum/file shar 6-30-/d | scope: ne | version: -

Trust: 0.3

vendor: hitachi | model: ucosminexus collaboration portal forum/file shar 6-20-/e | scope: ne | version: -

Trust: 0.3

vendor: hitachi | model: ucosminexus collaboration portal 6-30-/e | scope: ne | version: -

Trust: 0.3

vendor: hitachi | model: ucosminexus collaboration portal 6-20-/f | scope: ne | version: -

Trust: 0.3

vendor: hitachi | model: groupmax collaboration web client forum/file sharing 7-30-/d | scope: ne | version: -

Trust: 0.3

vendor: hitachi | model: groupmax collaboration web client forum/file sharing 7-20-/e | scope: ne | version: -

Trust: 0.3

vendor: hitachi | model: groupmax collaboration portal 7-30-/e | scope: ne | version: -

Trust: 0.3

vendor: hitachi | model: groupmax collaboration portal 7-20-/f | scope: ne | version: -

Trust: 0.3

sources: BID: 24263 // JVNDB: JVNDB-2007-003950 // CNNVD: CNNVD-200706-034 // NVD: CVE-2007-3043

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-3043
value: MEDIUM

Trust: 1.0

NVD: CVE-2007-3043
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200706-034
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2007-3043
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2007-003950 // CNNVD: CNNVD-200706-034 // NVD: CVE-2007-3043

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-3043

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200706-034

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-200706-034

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-003950

PATCH

title: HS07-011 | url: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS07-011/index.html

Trust: 0.8

sources: JVNDB: JVNDB-2007-003950

EXTERNAL IDS

db: NVD | id: CVE-2007-3043

Trust: 2.7

db: HITACHI | id: HS07-011

Trust: 1.9

db: BID | id: 24263

Trust: 1.9

db: SECUNIA | id: 25507

Trust: 1.6

db: VUPEN | id: ADV-2007-2020

Trust: 1.6

db: OSVDB | id: 36828

Trust: 1.6

db: JVNDB | id: JVNDB-2007-003950

Trust: 0.8

db: XF | id: 34659

Trust: 0.6

db: CNNVD | id: CNNVD-200706-034

Trust: 0.6

sources: BID: 24263 // JVNDB: JVNDB-2007-003950 // CNNVD: CNNVD-200706-034 // NVD: CVE-2007-3043

REFERENCES

url:http://www.hitachi-support.com/security_e/vuls_e/hs07-011_e/index-e.html

Trust: 1.9

url:http://www.securityfocus.com/bid/24263

Trust: 1.6

url:http://secunia.com/advisories/25507

Trust: 1.6

url:http://osvdb.org/36828

Trust: 1.6

url:http://www.vupen.com/english/advisories/2007/2020

Trust: 1.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/34659

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3043

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3043

Trust: 0.8

url:http://www.frsirt.com/english/advisories/2007/2020

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/34659

Trust: 0.6

url:http://www.hitachi.co.jp/prod/comp/soft1/groupmax/product/suiteindex.html#coll

Trust: 0.3

sources: BID: 24263 // JVNDB: JVNDB-2007-003950 // CNNVD: CNNVD-200706-034 // NVD: CVE-2007-3043

CREDITS

The vendor disclosed these issues.

Trust: 0.9

sources: BID: 24263 // CNNVD: CNNVD-200706-034

SOURCES

db: BID | id: 24263
db: JVNDB | id: JVNDB-2007-003950
db: CNNVD | id: CNNVD-200706-034
db: NVD | id: CVE-2007-3043

LAST UPDATE DATE

2024-08-14T14:22:25.884000+00:00


SOURCES UPDATE DATE

db: BID | id: 24263 | date: 2015-05-07T17:37:00
db: JVNDB | id: JVNDB-2007-003950 | date: 2012-09-25T00:00:00
db: CNNVD | id: CNNVD-200706-034 | date: 2007-06-11T00:00:00
db: NVD | id: CVE-2007-3043 | date: 2017-07-29T01:31:55.893

SOURCES RELEASE DATE

db: BID | id: 24263 | date: 2007-06-01T00:00:00
db: JVNDB | id: JVNDB-2007-003950 | date: 2012-09-25T00:00:00
db: CNNVD | id: CNNVD-200706-034 | date: 2007-06-05T00:00:00
db: NVD | id: CVE-2007-3043 | date: 2007-06-05T23:30:00