PT-2025-21268 · Hitachi · Hitachi Jp1/It Desktop Management 2 - Smart Device Manager
Published
2025-05-15
·
Updated
2025-05-15
·
CVE-2025-27523
CVSS v3.1
8.7
High
| Vector | AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:H |
Name of the Vulnerable Software and Affected Versions:
Hitachi JP1/IT Desktop Management 2 - Smart Device Manager versions 10-50 through 10-50-06
Hitachi JP1/IT Desktop Management 2 - Smart Device Manager versions 11-00 through 11-00-05
Hitachi JP1/IT Desktop Management 2 - Smart Device Manager versions 11-10 through 11-10-08
Hitachi JP1/IT Desktop Management 2 - Smart Device Manager versions 12-00 through 12-00-07
Description:
This issue is related to an XXE vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows. The vulnerability is due to improper restriction of XML external entity references, which can be exploited.
Recommendations:
For versions 10-50 through 10-50-06, update to a version later than 10-50-06.
For versions 11-00 through 11-00-05, update to a version later than 11-00-05.
For versions 11-10 through 11-10-08, update to a version later than 11-10-08.
For versions 12-00 through 12-00-07, update to a version later than 12-00-07.
Fix
XXE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hitachi Jp1/It Desktop Management 2 - Smart Device Manager