PT-2014-5722 · Hitachi · Hitachi Tuning Manager+1

Published

2014-06-17

Updated

2015-09-02

CVE-2014-4188

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Hitachi Tuning Manager versions prior to 7.6.1-06 Hitachi Tuning Manager versions 8.x prior to 8.0.0-04 JP1/Performance Management - Manager Web Option versions 07-00 through 07-54

Description A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of victims via unknown vectors.

Recommendations For Hitachi Tuning Manager versions prior to 7.6.1-06, update to version 7.6.1-06 or later. For Hitachi Tuning Manager versions 8.x prior to 8.0.0-04, update to version 8.0.0-04 or later. For JP1/Performance Management - Manager Web Option versions 07-00 through 07-54, consider disabling web options or restricting access until an update is available.

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2014-4188

Affected Products

Hitachi Tuning Manager

Jp1/Performance Management - Manager Web Option

PT-2014-5722 · Hitachi · Hitachi Tuning Manager+1

CVE-2014-4188

Weakness Enumeration

Related Identifiers

Affected Products

References · 5