Taku Toyama

**Name of the Vulnerable Software and Affected Versions** Hitachi JP1/Performance Management - Manager versions 09-00 through 12-50-06 Hitachi JP1/Performance Management - Base versions 09-00 through 10-50-* Hitachi JP1/Performance Management - Agent Option for Application Server versions 11-00 through 11-50-15 Hitachi JP1/Performance Management - Agent Option for Enterprise Applications versions 09-00 through 12-00-13 Hitachi JP1/Performance Management - Agent Option for HiRDB versions 09-00 through 12-00-13 Hitachi JP1/Performance Management - Agent Option for IBM Lotus Domino versions 10-00 through 11-50-15 Hitachi JP1/Performance Management - Agent Option for Microsoft(R) Exchange Server versions 09-00 through 12-00-13 Hitachi JP1/Performance Management - Agent Option for Microsoft(R) Internet Information Server versions 09-00 through 12-00-13 Hitachi JP1/Performance Management - Agent Option for Microsoft(R) SQL Server versions 09-00 through 12-50-06 Hitachi JP1/Performance Management - Agent Option for Oracle versions 09-00 through 12-10-07 Hitachi JP1/Performance Management - Agent Option for Platform versions 09-00 through 12-50-06 Hitachi JP1/Performance Management - Agent Option for Service Response versions 09-00 through 11-50-15 Hitachi JP1/Performance Management - Agent Option for Transaction System versions 11-00 through 12-00-13 Hitachi JP1/Performance Management - Remote Monitor for Microsoft(R) SQL Server versions 09-00 through 12-50-06 Hitachi JP1/Performance Management - Remote Monitor for Oracle versions 09-00 through 12-10-07 Hitachi JP1/Performance Management - Remote Monitor for Platform versions 09-00 through 12-10-07 Hitachi JP1/Performance Management - Remote Monitor for Virtual Machine versions 10-00 through 12-50-06 Hitachi JP1/Performance Management - Agent Option for Domino version 09-00 Hitachi JP1/Performance Management - Agent Option for IBM WebSphere Application Server versions 09-00 through 10-00-* Hitachi JP1/Performance Management - Agent Option for IBM WebSphere MQ versions 09-00 through 10-00-* Hitachi JP1/Performance Management - Agent Option for JP1/AJS3 versions 09-00 through 10-00-* Hitachi JP1/Performance Management - Agent Option for OpenTP1 versions 09-00 through 10-00-* Hitachi JP1/Performance Management - Agent Option for Oracle WebLogic Server versions 09-00 through 10-00-* Hitachi JP1/Performance Management - Agent Option for uCosminexus Application Server versions 09-00 through 10-00-* Hitachi JP1/Performance Management - Agent Option for Virtual Machine versions 09-00 through 09-01-* **Description** The issue is related to incorrect default permissions in Hitachi JP1/Performance Management on Windows, allowing file manipulation. This can enable an attacker to access files and directories. **Recommendations** For Hitachi JP1/Performance Management - Manager versions 09-00 through 12-50-06, update to a version after 12-50-06. For Hitachi JP1/Performance Management - Base versions 09-00 through 10-50-*, update to a version after 10-50-*. For Hitachi JP1/Performance Management - Agent Option for Application Server versions 11-00 through 11-50-15, update to a version after 11-50-15. For Hitachi JP1/Performance Management - Agent Option for Enterprise Applications versions 09-00 through 12-00-13, update to a version after 12-00-13. For Hitachi JP1/Performance Management - Agent Option for HiRDB versions 09-00 through 12-00-13, update to a version after 12-00-13. For Hitachi JP1/Performance Management - Agent Option for IBM Lotus Domino versions 10-00 through 11-50-15, update to a version after 11-50-15. For Hitachi JP1/Performance Management - Agent Option for Microsoft(R) Exchange Server versions 09-00 through 12-00-13, update to a version after 12-00-13. For Hitachi JP1/Performance Management - Agent Option for Microsoft(R) Internet Information Server versions 09-00 through 12-00-13, update to a version after 12-00-13. For Hitachi JP1/Performance Management - Agent Option for Microsoft(R) SQL Server versions 09-00 through 12-50-06, update to a version after 12-50-06. For Hitachi JP1/Performance Management - Agent Option for Oracle versions 09-00 through 12-10-07, update to a version after 12-10-07. For Hitachi JP1/Performance Management - Agent Option for Platform versions 09-00 through 12-50-06, update to a version after 12-50-06. For Hitachi JP1/Performance Management - Agent Option for Service Response versions 09-00 through 11-50-15, update to a version after 11-50-15. For Hitachi JP1/Performance Management - Agent Option for Transaction System versions 11-00 through 12-00-13, update to a version after 12-00-13. For Hitachi JP1/Performance Management - Remote Monitor for Microsoft(R) SQL Server versions 09-00 through 12-50-06, update to a version after 12-50-06. For Hitachi JP1/Performance Management - Remote Monitor for Oracle versions 09-00 through 12-10-07, update to a version after 12-10-07. For Hitachi JP1/Performance Management - Remote Monitor for Platform versions 09-00 through 12-10-07, update to a version after 12-10-07. For Hitachi JP1/Performance Management - Remote Monitor for Virtual Machine versions 10-00 through 12-50-06, update to a version after 12-50-06. For Hitachi JP1/Performance Management - Agent Option for Domino version 09-00, update to a version after 09-00. For Hitachi JP1/Performance Management - Agent Option for IBM WebSphere Application Server versions 09-00 through 10-00-*, update to a version after 10-00-*. For Hitachi JP1/Performance Management - Agent Option for IBM WebSphere MQ versions 09-00 through 10-00-*, update to a version after 10-00-*. For Hitachi JP1/Performance Management - Agent Option for JP1/AJS3 versions 09-00 through 10-00-*, update to a version after 10-00-*. For Hitachi JP1/Performance Management - Agent Option for OpenTP1 versions 09-00 through 10-00-*, update to a version after 10-00-*. For Hitachi JP1/Performance Management - Agent Option for Oracle WebLogic Server versions 09-00 through 10-00-*, update to a version after 10-00-*. For Hitachi JP1/Performance Management - Agent Option for uCosminexus Application Server versions 09-00 through 10-00-*, update to a version after 10-00-*. For Hitachi JP1/Performance Management - Agent Option for Virtual Machine versions 09-00 through 09-01-*, update to a version after 09-01-*.

**Name of the Vulnerable Software and Affected Versions** XBRL data create application versions 7.0 and earlier **Description** The issue is related to the improper restriction of XML external entity references (XXE) in the XBRL data create application. This allows an attacker to read arbitrary files on the system by processing a specially crafted XBRL file. **Recommendations** For versions 7.0 and earlier, consider disabling the XBRL file processing feature until a patch is available to prevent potential exploitation of the XXE issue. Restrict access to sensitive files and directories to minimize the risk of unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Shinseiyo Sogo Soft versions 7.9A and earlier **Description** The issue improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, an attacker may access arbitrary files on the PC. **Recommendations** For Shinseiyo Sogo Soft versions 7.9A and earlier, as a temporary workaround, consider restricting the processing of external XML entities until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** National land numerical information data conversion tool all versions **Description** The issue is related to the improper restriction of XML external entity references (XXE) in the National land numerical information data conversion tool. This allows an attacker to access arbitrary files on a PC by processing a specially crafted XML file. **Recommendations** For all versions, consider disabling XML external entity references or restricting access to sensitive files as a temporary workaround until a patch is available. Avoid using the tool to process untrusted XML files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.