Sign-up

ID

VAR-201312-0606


TITLE

Hitachi Cosminexus Product XML External Entity Information Disclosure Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2013-15508

DESCRIPTION

Hitachi Cosminexus is an application server software. Hitachi Cosminexus JAX-WS component has a security vulnerability when parsing XML entities. Allows remote attackers to exploit vulnerabilities to obtain arbitrary file and directory information through specially crafted SOAP messages containing references to external entities, leading to the disclosure of sensitive information.

Trust: 0.6

sources: CNVD: CNVD-2013-15508

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-15508

AFFECTED PRODUCTS

vendor:hitachimodel:cosminexusscope:eqversion:8.x

Trust: 0.6

vendor:hitachimodel:ucosminexus application serverscope: - version: -

Trust: 0.6

vendor:hitachimodel:ucosminexus developerscope: - version: -

Trust: 0.6

vendor:hitachimodel:ucosminexus service architectscope: - version: -

Trust: 0.6

vendor:hitachimodel:ucosminexus service platformscope: - version: -

Trust: 0.6

vendor:hitachimodel:cosminexus component containerscope:eqversion:8.x

Trust: 0.6

vendor:hitachimodel:cosminexus component containerscope:eqversion:9.x

Trust: 0.6

vendor:hitachimodel:cosminexusscope:eqversion:9.x

Trust: 0.6

sources: CNVD: CNVD-2013-15508

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2013-15508
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2013-15508
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2013-15508

PATCH

title:Patch for Hitachi Cosminexus Product XML External Entity Information Disclosure Vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/41953

Trust: 0.6

sources: CNVD: CNVD-2013-15508

EXTERNAL IDS

db:SECUNIAid:56142

Trust: 0.6

db:CNVDid:CNVD-2013-15508

Trust: 0.6

sources: CNVD: CNVD-2013-15508

REFERENCES

url:http://secunia.com/advisories/56142/

Trust: 0.6

sources: CNVD: CNVD-2013-15508

SOURCES

db:CNVDid:CNVD-2013-15508

LAST UPDATE DATE

2022-05-17T01:51:11.342000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2013-15508date:2013-12-24T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2013-15508date:2013-12-24T00:00:00