Vulnerability CVE-2007-1853


Published: 2007-04-03   Modified: 2012-02-12

Description:
Unspecified vulnerability in Hitachi JP1/HiCommand DeviceManager, Global Link Availability Manager, Replication Monitor, Tiered Storage Manager, and Tuning Manager allows local users to obtain authentication information via unspecified vectors.

Vendor: Hitachi
Product: Jp1-hicommand replication monitor 
Version:
05_60
05_50_02
05_50_01
05_50
05_40
05_30
05_20
05_10
05_00
04_00
Product: Jp1-hicommand global link availability manager 
Version:
05_60
05_50
05_40
05_30
05_20
05_10
05_00
Product: Jp1-hicommand device manager 
Version:
05_60
05_50_02
05_50_01
05_50
05_10_05
05_10_04
05_10_03
05_10_02
05_10_01
05_10
05_00
Product: Jp1-hicommand tiered storage manager 
Version:
05_50_02
05_50_01
05_50
05_40
05_30
05_20
05_10
05_00
04_00
Product: Jp1-hicommand tuning manager 
Version:
05_50
05_40
05_30
05_20
05_10
05_00
04_00

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

 References:
http://xforce.iss.net/xforce/xfdb/33328
http://www.vupen.com/english/advisories/2007/1169
http://www.securityfocus.com/bid/23210
http://www.hitachi-support.com/security_e/vuls_e/HS07-007_e/index-e.html
http://secunia.com/advisories/24684
http://osvdb.org/34590

Related CVE
CVE-2018-14735
An Information Exposure issue was discovered in Hitachi Command Suite 8.5.3. A remote attacker may be able to exploit a flaw in the permission of messaging that may allow for information exposure via a crafted message.
CVE-2017-9298
Cross-site scripting vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to execute arbitrary JavaScript code.
CVE-2017-9294
RMI vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to execute internal commands without authentication via RMI ports.
CVE-2017-9295
XXE vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to read arbitrary files.
CVE-2017-9296
Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Tuning Manager before 8.5.2-00 allows remote attackers to redirect authenticated users to arbitrary web sites.
CVE-2017-9297
Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to redirect users to arbitrary web sites.
CVE-2015-1565
Cross-site scripting (XSS) vulnerability in the online help in Hitachi Device Manager, Tiered Storage Manager, Replication Manager, and Global Link Manager before 8.1.2-00, and Compute Systems Manager before 7.6.1-08 and 8.x before 8.1.2-00, as used ...
CVE-2014-4189
Cross-site scripting (XSS) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to inject arbitrary web script or HTML via unsp...

Copyright 2019, cxsecurity.com

 

Back to Top