PT-2014-5723 · Hitachi · Hitachi Tuning Manager+1

Publicado

2014-06-17

Atualizado

2015-09-02

CVE-2014-4189

CVSS v2.0

4.3

Média

Vetor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Hitachi Tuning Manager versions prior to 7.6.1-06 Hitachi Tuning Manager versions 8.x prior to 8.0.0-04 JP1/Performance Management - Manager Web Option versions 07-00 through 07-54

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Recommendations For Hitachi Tuning Manager versions prior to 7.6.1-06, update to version 7.6.1-06 or later. For Hitachi Tuning Manager versions 8.x prior to 8.0.0-04, update to version 8.0.0-04 or later. For JP1/Performance Management - Manager Web Option versions 07-00 through 07-54, consider disabling web script injection capabilities until a patch is available.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2014-4189

Produtos afetados

Hitachi Tuning Manager

Jp1/Performance Management - Manager Web Option

PT-2014-5723 · Hitachi · Hitachi Tuning Manager+1

CVE-2014-4189

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5