ID

VAR-201406-0165


CVE

CVE-2014-4189


TITLE

Multiple Vulnerabilities in Hitachi Tuning Manager and JP1/Performance Management - Manager Web Option

Trust: 0.8

sources: JVNDB: JVNDB-2014-002800

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. These vulnerabilities cannot be exploited without logging in to these products. A remote attacker could insert malicious scripts while the web page is displayed. Hitachi Tuning Manager (HTnM) software is a storage performance management application that maps, monitors, and analyzes storage network resources from applications to storage devices. The vulnerability stems from the program's failure to filter user-supplied input. Attackers can use the vulnerability to steal cookie-based authentication credentials and execute arbitrary script code in the browser of a user of the affected site, in the context of that site. Other attacks are also possible.

Trust: 2.43

sources: NVD: CVE-2014-4189 // JVNDB: JVNDB-2014-002800 // CNVD: CNVD-2014-04907 // BID: 68015

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-04907

AFFECTED PRODUCTS

vendor: hitachi, model: jp1/performance management-manager web option, scope: eq, version: 07-00

Trust: 1.6

vendor: hitachi, model: tuning manager, scope: eq, version: 6.0.0

Trust: 1.6

vendor: hitachi, model: jp1/performance management-manager web option, scope: eq, version: 07-54

Trust: 1.6

vendor: hitachi, model: tuning manager, scope: eq, version: 7.6.1

Trust: 1.6

vendor: hitachi, model: tuning manager, scope: eq, version: 8.0.0

Trust: 1.6

vendor: hitachi, model: tuning manager, scope: eq, version: 7.1.0

Trust: 1.0

vendor: hitachi, model: tuning manager software, scope: eq, version: 6.0

Trust: 0.9

vendor: hitachi, model: tuning manager software, scope: eq, version: 6.1-00

Trust: 0.9

vendor: hitachi, model: tuning manager software, scope: eq, version: 6.2-00

Trust: 0.9

vendor: hitachi, model: tuning manager software, scope: eq, version: 6.2-01

Trust: 0.9

vendor: hitachi, model: tuning manager software, scope: eq, version: 6.401

Trust: 0.9

vendor: hitachi, model: tuning manager software, scope: eq, version: 7.0

Trust: 0.9

vendor: hitachi, model: tuning manager, scope: -, version: -

Trust: 0.8

vendor: hitachi, model: jp1/performance management, scope: eq, version: - manager web option

Trust: 0.8

vendor: hitachi, model: tuning manager software, scope: eq, version: 7.001

Trust: 0.3

vendor: hitachi, model: tuning manager software, scope: eq, version: 6.402

Trust: 0.3

vendor: hitachi, model: tuning manager software, scope: eq, version: 7.1.0-00

Trust: 0.3

vendor: hitachi, model: tuning manager software, scope: eq, version: 6.4.0-03

Trust: 0.3

sources: CNVD: CNVD-2014-04907 // BID: 68015 // JVNDB: JVNDB-2014-002800 // CNNVD: CNNVD-201406-355 // NVD: CVE-2014-4189

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-4189
value: MEDIUM

Trust: 1.0

VENDOR: JVNDB-2014-002800
value: LOW

Trust: 0.8

CNVD: CNVD-2014-04907
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201406-355
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2014-4189
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VENDOR: JVNDB-2014-002800
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2014-04907
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2014-04907 // JVNDB: JVNDB-2014-002800 // CNNVD: CNNVD-201406-355 // NVD: CVE-2014-4189

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.8

problemtype:CWE-352

Trust: 0.8

sources: JVNDB: JVNDB-2014-002800 // NVD: CVE-2014-4189

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201406-355

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201406-355

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002800

PATCH

title: HS14-013, url: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-013/index.html

Trust: 0.8

title: Patch for Multiple Hitachi Product Cross-Site Scripting Vulnerabilities, url: https://www.cnvd.org.cn/patchInfo/show/48517

Trust: 0.6

sources: CNVD: CNVD-2014-04907 // JVNDB: JVNDB-2014-002800

EXTERNAL IDS

db: NVD, id: CVE-2014-4189

Trust: 3.3

db: BID, id: 68015

Trust: 1.9

db: SECUNIA, id: 58899

Trust: 1.6

db: SECUNIA, id: 58528

Trust: 1.6

db: HITACHI, id: HS14-013

Trust: 1.6

db: JVNDB, id: JVNDB-2014-002800

Trust: 0.8

db: CNVD, id: CNVD-2014-04907

Trust: 0.6

db: CNNVD, id: CNNVD-201406-355

Trust: 0.6

sources: CNVD: CNVD-2014-04907 // BID: 68015 // JVNDB: JVNDB-2014-002800 // CNNVD: CNNVD-201406-355 // NVD: CVE-2014-4189

REFERENCES

url:http://www.securityfocus.com/bid/68015

Trust: 1.6

url:http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-013/index.html

Trust: 1.6

url:http://secunia.com/advisories/58899

Trust: 1.6

url:http://secunia.com/advisories/58528

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4188

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4189

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4188

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4189

Trust: 0.8

url:http://www.hds.com/products/storage-software/hitachi-tuning-manager.html

Trust: 0.3

sources: CNVD: CNVD-2014-04907 // BID: 68015 // JVNDB: JVNDB-2014-002800 // CNNVD: CNNVD-201406-355 // NVD: CVE-2014-4189

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 68015

SOURCES

db: CNVD, id: CNVD-2014-04907
db: BID, id: 68015
db: JVNDB, id: JVNDB-2014-002800
db: CNNVD, id: CNNVD-201406-355
db: NVD, id: CVE-2014-4189

LAST UPDATE DATE

2024-08-14T14:21:06.865000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2014-04907, date: 2014-08-11T00:00:00
db: BID, id: 68015, date: 2014-08-06T00:31:00
db: JVNDB, id: JVNDB-2014-002800, date: 2015-03-03T00:00:00
db: CNNVD, id: CNNVD-201406-355, date: 2014-06-18T00:00:00
db: NVD, id: CVE-2014-4189, date: 2015-09-02T17:05:08.087

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2014-04907, date: 2014-08-11T00:00:00
db: BID, id: 68015, date: 2014-06-10T00:00:00
db: JVNDB, id: JVNDB-2014-002800, date: 2014-06-12T00:00:00
db: CNNVD, id: CNNVD-201406-355, date: 2014-06-18T00:00:00
db: NVD, id: CVE-2014-4189, date: 2014-06-17T14:55:08.597