CVE-2014-4189

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2014-4189
Cross-site scripting (XSS) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://secunia.com/advisories/58528
http://secunia.com/advisories/58899
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-013/index.html Vendor Advisory
http://www.securityfocus.com/bid/68015
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:hitachi:jp1\/performance_management-manager_web_option:07-00:*:*:*:*:solaris:*:*
cpe:2.3:a:hitachi:jp1\/performance_management-manager_web_option:07-00:*:*:*:*:windows:*:*
cpe:2.3:a:hitachi:jp1\/performance_management-manager_web_option:07-54:*:*:*:*:solaris:*:*
cpe:2.3:a:hitachi:jp1\/performance_management-manager_web_option:07-54:*:*:*:*:windows:*:*
cpe:2.3:a:hitachi:tuning_manager:6.0.0:*:*:*:*:solaris:*:*
cpe:2.3:a:hitachi:tuning_manager:6.0.0:*:*:*:*:windows:*:*
cpe:2.3:a:hitachi:tuning_manager:7.1.0:*:*:*:*:linux_kernel:*:*
cpe:2.3:a:hitachi:tuning_manager:7.6.1:*:*:*:*:solaris:*:*
cpe:2.3:a:hitachi:tuning_manager:7.6.1:05:*:*:*:solaris:*:*
cpe:2.3:a:hitachi:tuning_manager:8.0.0:*:*:*:*:linux_kernel:*:*
cpe:2.3:a:hitachi:tuning_manager:8.0.0:*:*:*:*:windows:*:*
cpe:2.3:a:hitachi:tuning_manager:8.0.0:03:*:*:*:linux_kernel:*:*
cpe:2.3:a:hitachi:tuning_manager:8.0.0:03:*:*:*:windows:*:*
History

No history.

Information

Published : 2014-06-17 14:55

Updated : 2024-02-04 18:35

NVD link : CVE-2014-4189

Mitre link : CVE-2014-4189

CVE.ORG link : CVE-2014-4189

JSON object : View

Products Affected

hitachi

  • jp1\/performance_management-manager_web_option
  • tuning_manager
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')