Vulnerability CVE-2009-4777


Published: 2010-04-21   Modified: 2012-02-13

Description:
Unspecified vulnerability in multiple versions of Hitachi JP1/Automatic Job Management System 2 - View, JP1/Integrated Management - View, and JP1/Cm2/SNMP System Observer allows remote attackers to cause a denial of service ("abnormal" termination) via vectors related to the display of an "invalid GIF file."

Type:

CWE-noinfo

Vendor: Hitachi
Product: Jp1/automatic job management system 2-view 
Version:
08-50-08
08-50
08-10-11
08-10
08-01-05
08-01
08-00-13
08-00
07-50-17
07-50
07-11-15
07-11
07-10-11
07-10-10
07-10-/h
07-10
07-00-g1
07-00
06-71-/q
06-71
06-51-/p1
06-51-/p
06-51
06-00-/k
06-00
Product: Jp1/integrated management-view 
Version: 08-50-06; 08-00;
Product: Jp1 integrated management service support 
Version:
08-50-03
08-50-02
08-50-01
08-50
08-11-03
08-11-02
08-11-01
08-11
08-10-05
08-10-04
08-10-03
08-10-02
08-10-01
08-10
Product: Job management partner 1/integrated management-view 
Version: 08-01;
Product: Job management partner 1/automatic job management system 2-view 
Version:
08-00-13
08-00-04
08-00
07-50-17
07-50
07-00-/g
07-00
06-71-m1
06-71-/m
06-71
06-51-n1
06-51-/n
06-51
06-00-/a
06-00
Product: Jp1/cm2/snmp system observer 
Version: 08-00-09; 08-00;
Product: Jp1/integrated manager-view 
Version: 07-51; 07-00;
Product: Jp1/performance management/snmp system observer 
Version:
07-50-09
07-50
07-10-/b
07-10
07-00-/e
07-00
Product: Job management partner 1/performance management/snmp system observer 
Version: 07-00;
Product: Job management partner 1/integrated manager-view 
Version: 07-00;
Product: Jp1/server system observer 
Version:
06-71-03
06-71-/h
06-71
06-51-/f
06-51
Product: Job management partner 1/snmp system observer 
Version:
06-71
06-51-/a
06-51
Product: Job management partner 1/integrated manager-console view 
Version: 06-71; 06-00;
Product: Jp1/integrated manager-console view 
Version: 06-71; 06-00;

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

 References:
http://xforce.iss.net/xforce/xfdb/53115
http://www.vupen.com/english/advisories/2009/2576
http://www.securityfocus.com/bid/36311
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-016/index.html
http://secunia.com/advisories/36646
http://osvdb.org/57832

Related CVE
CVE-2018-14735
An Information Exposure issue was discovered in Hitachi Command Suite 8.5.3. A remote attacker may be able to exploit a flaw in the permission of messaging that may allow for information exposure via a crafted message.
CVE-2017-9298
Cross-site scripting vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to execute arbitrary JavaScript code.
CVE-2017-9294
RMI vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to execute internal commands without authentication via RMI ports.
CVE-2017-9295
XXE vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to read arbitrary files.
CVE-2017-9296
Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Tuning Manager before 8.5.2-00 allows remote attackers to redirect authenticated users to arbitrary web sites.
CVE-2017-9297
Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to redirect users to arbitrary web sites.
CVE-2015-1565
Cross-site scripting (XSS) vulnerability in the online help in Hitachi Device Manager, Tiered Storage Manager, Replication Manager, and Global Link Manager before 8.1.2-00, and Compute Systems Manager before 7.6.1-08 and 8.x before 8.1.2-00, as used ...
CVE-2014-4189
Cross-site scripting (XSS) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to inject arbitrary web script or HTML via unsp...

Copyright 2019, cxsecurity.com
