Vulnerability CVE-2007-1093


Published: 2007-02-26   Modified: 2012-02-12

Description:
Multiple unspecified vulnerabilities in JP1/Cm2/Network Node Manager (NNM) before 07-10-05, and before 08-00-02 in the 08-x series, allow remote attackers to execute arbitrary code, cause a denial of service, or trigger invalid Web utility behavior.

Type:

CWE-94

(Improper Control of Generation of Code ('Code Injection'))

Vendor: Hitachi
Product: Jp1-cm2-network node manager starter 
Version: 08_00_01; 08_00;
Product: Jp1-cm2-network node manager starter 250 
Version: 08_00_01; 08_00;
Product: Jp1-cm2-network node manager 
Version:
07_10_04
07_00
06_71_d
06_71_c
06_51
06_50_a
06_00
05_20_f
05_20_e
05_20
Product: Jp1-cm2-network node manager 250 
Version:
06_71_d
06_71_c
06_51
06_50_a
06_00
05_20_f
05_20_e
05_20
Product: Cm2-network node manager 250 
Version:
05_00_c
05_00_a
05_00
Product: Cm2-network node manager 
Version: 05_00_c; 05_00;

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://www.hitachi-support.com/security_e/vuls_e/HS07-002_e/index-e.html
http://secunia.com/advisories/24276
http://xforce.iss.net/xforce/xfdb/32683
http://xforce.iss.net/xforce/xfdb/32682
http://www.vupen.com/english/advisories/2007/0739
http://osvdb.org/33529
http://osvdb.org/33528

Related CVE
CVE-2018-14735
An Information Exposure issue was discovered in Hitachi Command Suite 8.5.3. A remote attacker may be able to exploit a flaw in the permission of messaging that may allow for information exposure via a crafted message.
CVE-2017-9298
Cross-site scripting vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to execute arbitrary JavaScript code.
CVE-2017-9294
RMI vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to execute internal commands without authentication via RMI ports.
CVE-2017-9295
XXE vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to read arbitrary files.
CVE-2017-9296
Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Tuning Manager before 8.5.2-00 allows remote attackers to redirect authenticated users to arbitrary web sites.
CVE-2017-9297
Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to redirect users to arbitrary web sites.
CVE-2015-1565
Cross-site scripting (XSS) vulnerability in the online help in Hitachi Device Manager, Tiered Storage Manager, Replication Manager, and Global Link Manager before 8.1.2-00, and Compute Systems Manager before 7.6.1-08 and 8.x before 8.1.2-00, as used ...
CVE-2014-4189
Cross-site scripting (XSS) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to inject arbitrary web script or HTML via unsp...

Copyright 2019, cxsecurity.com

 

Back to Top