Lucene search

[email protected]CVE-2018-21033

HistoryFeb 14, 2020 - 4:15 p.m.

CVE-2018-21033

2020-02-1416:15:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2018-21033

hitachi

command suite

automation director

infrastructure analytics advisor

css

token sequence

remote user

security vulnerability

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

7.5 High

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

38.3%

JSON

A vulnerability in Hitachi Command Suite prior to 8.6.2-00, Hitachi Automation Director prior to 8.6.2-00 and Hitachi Infrastructure Analytics Advisor prior to 4.2.0-00 allow authenticated remote users to load an arbitrary Cascading Style Sheets (CSS) token sequence. Hitachi Command Suite includes Hitachi Device Manager, Hitachi Tiered Storage Manager, Hitachi Replication Manager, Hitachi Tuning Manager, Hitachi Global Link Manager and Hitachi Compute Systems Manager.

CPENameOperatorVersion
hitachi:device_managerhitachi device managerlt8.6.2-00
hitachi:compute_systems_managerhitachi compute systems managerlt8.6.2-00
hitachi:automation_directorhitachi automation directorlt8.6.2-00
hitachi:tiered_storage_managerhitachi tiered storage managerlt8.6.2-00
hitachi:replication_managerhitachi replication managerlt8.6.2-00
hitachi:tuning_managerhitachi tuning managerlt8.6.2-00
hitachi:global_link_managerhitachi global link managerlt8.6.2-00
hitachi:infrastructure_analytics_advisorhitachi infrastructure analytics advisorlt4.2.0-00

CPE	Name	Operator	Version
hitachi:device_manager	hitachi device manager	lt	8.6.2-00
hitachi:compute_systems_manager	hitachi compute systems manager	lt	8.6.2-00
hitachi:automation_director	hitachi automation director	lt	8.6.2-00
hitachi:tiered_storage_manager	hitachi tiered storage manager	lt	8.6.2-00
hitachi:replication_manager	hitachi replication manager	lt	8.6.2-00
hitachi:tuning_manager	hitachi tuning manager	lt	8.6.2-00
hitachi:global_link_manager	hitachi global link manager	lt	8.6.2-00
hitachi:infrastructure_analytics_advisor	hitachi infrastructure analytics advisor	lt	4.2.0-00

References

www.hitachi.co.jp/Prod/comp/soft1/global/security/

www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2019-128/

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

7.5 High

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

38.3%

JSON

Related for CVE-2018-21033

prion1 cvelist1