PT-2007-4878 · Hitachi · Replication Monitor+3

Published

2007-07-09

Updated

2017-07-29

CVE-2007-3623

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Hitachi JP1/HiCommand Device Manager, Tiered Storage Manager, Replication Monitor, and GlobalLink Availability Manager versions prior to 20070528

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header. This could potentially lead to unauthorized actions on the affected system.

Recommendations For versions prior to 20070528, update to a version released after 20070528 to resolve the issue. As a temporary workaround, consider restricting access to the Expect HTTP header to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-3623

Affected Products

Globallink Availability Manager

Hitachi Jp1/Hicommand Devicemanager

Replication Monitor

Tiered Storage Manager

PT-2007-4878 · Hitachi · Replication Monitor+3

CVE-2007-3623

Related Identifiers

Affected Products

References · 8