PT-2014-5723 · Hitachi · Hitachi Tuning Manager+1

Published

2014-06-17

Updated

2015-09-02

CVE-2014-4189

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Hitachi Tuning Manager versions prior to 7.6.1-06 Hitachi Tuning Manager versions 8.x prior to 8.0.0-04 JP1/Performance Management - Manager Web Option versions 07-00 through 07-54

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Recommendations For Hitachi Tuning Manager versions prior to 7.6.1-06, update to version 7.6.1-06 or later. For Hitachi Tuning Manager versions 8.x prior to 8.0.0-04, update to version 8.0.0-04 or later. For JP1/Performance Management - Manager Web Option versions 07-00 through 07-54, consider disabling web script injection capabilities until a patch is available.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2014-4189

Affected Products

Hitachi Tuning Manager

Jp1/Performance Management - Manager Web Option

PT-2014-5723 · Hitachi · Hitachi Tuning Manager+1

CVE-2014-4189

Weakness Enumeration

Related Identifiers

Affected Products

References · 5