PT-2014-5722 · Hitachi · Hitachi Tuning Manager+1

Publicado

2014-06-17

Atualizado

2015-09-02

CVE-2014-4188

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Hitachi Tuning Manager versions prior to 7.6.1-06 Hitachi Tuning Manager versions 8.x prior to 8.0.0-04 JP1/Performance Management - Manager Web Option versions 07-00 through 07-54

Description A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of victims via unknown vectors.

Recommendations For Hitachi Tuning Manager versions prior to 7.6.1-06, update to version 7.6.1-06 or later. For Hitachi Tuning Manager versions 8.x prior to 8.0.0-04, update to version 8.0.0-04 or later. For JP1/Performance Management - Manager Web Option versions 07-00 through 07-54, consider disabling web options or restricting access until an update is available.

Correção

CSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-352

Identificadores relacionados

CVE-2014-4188

Produtos afetados

Hitachi Tuning Manager

Jp1/Performance Management - Manager Web Option

PT-2014-5722 · Hitachi · Hitachi Tuning Manager+1

CVE-2014-4188

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5