Vendor CVEs
Hitachi
All CVEs
382 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-31600 | 0.00 | — | 0.01 | Nov 8, 2021 | An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user (regardless of… | |||
| CVE-2021-31599 | 0.00 | — | 0.02 | Nov 8, 2021 | An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. A reports (.prpt) file allows the inclusion of BeanShell scripts to ease the production of complex reports. An authenticated user can run arbitrary code. | |||
| CVE-2021-29645 | 0.00 | — | 0.00 | Oct 12, 2021 | Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 calls the SendMessageTimeoutW API with arbitrary arguments via a local pipe, leading to a local privilege escalation vulnerability. An attacker who exploits this issue could execute arbitrary code on the local system. | |||
| CVE-2021-29644 | 0.00 | — | 0.02 | Oct 12, 2021 | Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 contains a remote code execution vulnerability because of an Integer Overflow. An attacker with network access to port 31016 may exploit this issue to execute code with unrestricted privileges on the underlying OS. | |||
| CVE-2021-41573 | 0.00 | — | 0.01 | Sep 29, 2021 | Hitachi Content Platform Anywhere (HCP-AW) 4.4.5 and later allows information disclosure. If authenticated user creates a link to a file or folder while the system was running version 4.3.x or earlier and then shares the link and then later deletes the file or folder without… | |||
| CVE-2021-35527 | 0.00 | — | 0.01 | Jul 14, 2021 | Password autocomplete vulnerability in the web application password field of Hitachi ABB Power Grids eSOMS allows attacker to gain access to user credentials that are stored by the browser. This issue affects: Hitachi ABB Power Grids eSOMS version 6.3 and prior versions. | |||
| CVE-2021-20740 | 0.00 | — | 0.03 | Jun 28, 2021 | Hitachi Virtual File Platform Versions prior to 5.5.3-09 and Versions prior to 6.4.3-09, and NEC Storage M Series NAS Gateway Nh4a/Nh8a versions prior to FOS 5.5.3-08(NEC2.5.4a) and Nh4b/Nh8b, Nh4c/Nh8c versions prior to FOS 6.4.3-08(NEC3.4.2) allow remote authenticated… | |||
| CVE-2021-26845 | 0.00 | — | 0.01 | Jun 14, 2021 | Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS allows unauthorized user to gain access to report data if the URL used to access the report is discovered. This issue affects: Hitachi ABB Power Grids eSOMS 6.0 versions prior to 6.0.4.2.2; 6.1 versions prior to… | |||
| CVE-2021-27196 | 0.00 | — | 0.02 | Jun 14, 2021 | Improper Input Validation vulnerability in Hitachi ABB Power Grids Relion 670 Series, Relion 670/650 Series, Relion 670/650/SAM600-IO, Relion 650, REB500, RTU500 Series, FOX615 (TEGO1), MSM, GMS600, PWC600 allows an attacker with access to the IEC 61850 network with knowledge of… | |||
| CVE-2020-24666 | 0.00 | — | 0.01 | Jan 29, 2021 | The Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a stored Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Display Name' parameter.… | |||
| CVE-2020-24664 | 0.00 | — | 0.01 | Jan 29, 2021 | The dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'pho:title' attribute of… | |||
| CVE-2020-24670 | 0.00 | — | 0.01 | Jan 29, 2021 | The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'type' attribute of… | |||
| CVE-2020-24669 | 0.00 | — | 0.01 | Jan 29, 2021 | The New Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a DOM-based Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Analysis Report… | |||
| CVE-2020-24665 | 0.00 | — | 0.01 | Jan 29, 2021 | The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains an XML Entity Expansion injection vulnerability, which allows an authenticated remote users to trigger a denial of service (DoS) condition. Specifically, the vulnerability lies in the 'dashboardXml'… | |||
| CVE-2019-19002 | 0.00 | — | 0.01 | Apr 2, 2020 | For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browser not supporting Content Security Policy, this might increase the risk of Cross Site Scripting. | |||
| CVE-2019-19001 | 0.00 | — | 0.02 | Apr 2, 2020 | For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow 'ClickJacking' attacks where an attacker can frame parts of the application on a malicious web site, revealing sensitive user information such as… | |||
| CVE-2019-19000 | 0.00 | — | 0.01 | Apr 2, 2020 | For ABB eSOMS 4.0 to 6.0.3, the Cache-Control and Pragma HTTP header(s) have not been properly configured within the application response. This can potentially allow browsers and proxies to cache sensitive information. | |||
| CVE-2019-19097 | 0.00 | — | 0.01 | Apr 2, 2020 | ABB eSOMS versions 4.0 to 6.0.3 accept connections using medium strength ciphers. If a connection is enabled using such a cipher, an attacker might be able to eavesdrop and/or intercept the connection. | |||
| CVE-2019-19096 | 0.00 | — | 0.00 | Apr 2, 2020 | The Redis data structure component used in ABB eSOMS versions 6.0 to 6.0.2 stores credentials in clear text. If an attacker has file system access, this can potentially compromise the credentials' confidentiality. | |||
| CVE-2019-19095 | 0.00 | — | 0.01 | Apr 2, 2020 | Lack of adequate input/output validation for ABB eSOMS versions 4.0 to 6.0.2 might allow an attacker to attack such as stored cross-site scripting by storing malicious content in the database. | |||
| CVE-2019-19094 | 0.00 | — | 0.01 | Apr 2, 2020 | Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend database. | |||
| CVE-2019-19093 | 0.00 | — | 0.01 | Apr 2, 2020 | eSOMS versions 4.0 to 6.0.3 do not enforce password complexity settings, potentially resulting in lower access security due to insecure user passwords. | |||
| CVE-2019-19092 | 0.00 | — | 0.01 | Apr 2, 2020 | ABB eSOMS versions 4.0 to 6.0.3 use ASP.NET Viewstate without Message Authentication Code (MAC). Alterations to Viewstate might thus not be noticed. | |||
| CVE-2019-19091 | 0.00 | — | 0.01 | Apr 2, 2020 | For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments with sensitive information about the application. An attacker might use this detail information to specifically craft the attack. | |||
| CVE-2019-19090 | 0.00 | — | 0.01 | Apr 2, 2020 | For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the cookie information, thus making it susceptible to eavesdropping. | |||
| CVE-2019-19089 | 0.00 | — | 0.01 | Apr 2, 2020 | For ABB eSOMS versions 4.0 to 6.0.3, the X-Content-Type-Options Header is missing in the HTTP response, potentially causing the response body to be interpreted and displayed as different content type other than declared. A possible attack scenario would be unauthorized code… | |||
| CVE-2019-19003 | 0.00 | — | 0.01 | Apr 2, 2020 | For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set. This can allow Javascript to access the cookie contents, which in turn might enable Cross Site Scripting. | |||
| CVE-2019-18998 | 0.00 | — | 0.01 | Feb 17, 2020 | Insufficient access control in the web interface of ABB Asset Suite versions 9.0 to 9.3, 9.4 prior to 9.4.2.6, 9.5 prior to 9.5.3.2 and 9.6.0 enables full access to directly referenced objects. An attacker with knowledge of a resource's URL can access the resource directly. | |||
| CVE-2018-21032 | 0.00 | — | 0.01 | Feb 14, 2020 | A vulnerability in Hitachi Command Suite prior to 8.7.1-00 and Hitachi Automation Director prior to 8.5.0-00 allow authenticated remote users to expose technical information through error messages. Hitachi Command Suite includes Hitachi Device Manager and Hitachi Compute Systems… | |||
| CVE-2018-21033 | 0.00 | — | 0.01 | Feb 14, 2020 | A vulnerability in Hitachi Command Suite prior to 8.6.2-00, Hitachi Automation Director prior to 8.6.2-00 and Hitachi Infrastructure Analytics Advisor prior to 4.2.0-00 allow authenticated remote users to load an arbitrary Cascading Style Sheets (CSS) token sequence. Hitachi… | |||
| CVE-2018-21026 | 0.00 | — | 0.01 | Nov 12, 2019 | A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.6.5-00 allows an unauthenticated remote user to read internal information. | |||
| CVE-2019-17360 | 0.00 | — | 0.01 | Nov 12, 2019 | A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.7.0-00 allows an unauthenticated remote user to trigger a denial of service (DoS) condition because of Uncontrolled Resource Consumption. | |||
| CVE-2019-13657 | 0.00 | — | 0.03 | Oct 17, 2019 | CA Performance Management 3.5.x, 3.6.x before 3.6.9, and 3.7.x before 3.7.4 have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security. | |||
| CVE-2019-2453 | 0.00 | — | 0.02 | Jan 16, 2019 | Vulnerability in the Oracle Performance Management component of Oracle E-Business Suite (subcomponent: Performance Management Plan). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network… | |||
| CVE-2015-1565 | 0.00 | — | 0.01 | Feb 9, 2015 | Cross-site scripting (XSS) vulnerability in the online help in Hitachi Device Manager, Tiered Storage Manager, Replication Manager, and Global Link Manager before 8.1.2-00, and Compute Systems Manager before 7.6.1-08 and 8.x before 8.1.2-00, as used in Hitachi Command Suite,… | |||
| CVE-2014-4189 | 0.00 | — | 0.01 | Jun 17, 2014 | Cross-site scripting (XSS) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-4188 | 0.00 | — | 0.01 | Jun 17, 2014 | Cross-site request forgery (CSRF) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to hijack the authentication of unspecified victims via unknown… | |||
| CVE-2013-4697 | 0.00 | — | 0.02 | Jul 31, 2013 | Multiple unspecified vulnerabilities in Hitachi JP1/IT Desktop Management - Manager 09-50 through 09-50-03, 09-51 through 09-51-05, 10-00 through 10-00-02, and 10-01 through 10-01-02; Hitachi Job Management Partner 1/IT Desktop Management - Manager 09-50 through 09-50-03 and… | |||
| CVE-2011-5217 | 0.00 | — | 0.03 | Oct 25, 2012 | Directory traversal vulnerability in the PXE Mtftp service in Hitachi JP1/ServerConductor/DeploymentManager before 08-55 Japanese and before 08-51 English allows remote attackers to read arbitrary files via unknown vectors. | |||
| CVE-2012-5001 | 0.00 | — | 0.03 | Sep 19, 2012 | Multiple unspecified vulnerabilities in Hitachi JP1/Cm2/Network Node Manager i before 09-50-03 allow remote attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors. | |||
| CVE-2012-4276 | 0.00 | — | 0.01 | Aug 13, 2012 | Unspecified vulnerability in Hitachi IT Operations Director 02-50-01 through 02-50-07, 03-00 before 03-00-08 allows attackers to cause a denial of service via unknown attack vectors. | |||
| CVE-2012-4275 | 0.00 | — | 0.01 | Aug 13, 2012 | Cross-site scripting (XSS) vulnerability in Hitachi IT Operations Director 02-50-01 through 02-50-07, 03-00 before 03-00-08 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-4274 | 0.00 | — | 0.03 | Aug 13, 2012 | Unspecified vulnerability in Hitachi Cobol GUI Option 06-00, 06-01 through 06-01-/A, 07-00, 07-01 before 07-01-/B, and 08-00 before 08-00-/B and Cobol GUI Option Server 07-00, 07-01 before 07-01-/B, and 08-00 before 08-00-/B allows remote attackers to execute arbitrary code via… | |||
| CVE-2012-0919 | 0.00 | — | 0.01 | Jan 24, 2012 | Cross-site scripting (XSS) vulnerability in Hitachi IT Operations Director 02-50-01 through 02-50-07, 03-00 through 03-00-04, and possibly other versions before 03-00-06, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-0918 | 0.00 | — | 0.04 | Jan 24, 2012 | Unspecified vulnerability in Hitachi COBOL2002 Net Developer, Net Server Suite, and Net Client Suite 01-00, 01-01 through 01-01-/D, 01-02 through 01-02-/F, 01-03 through 01-03-/F, 02-00 through 02-00-/D, 02-01 through 02-01-/C, and possibly other versions before 02-01-/D allows… | |||
| CVE-2012-0917 | 0.00 | — | 0.01 | Jan 24, 2012 | Cross-site scripting (XSS) vulnerability in Hitachi IT Operations Analyzer 02-01, 02-51 through 02-51-01, and 02-53 through 02-53-02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2010-4773 | 0.00 | — | 0.05 | Mar 23, 2011 | Unspecified vulnerability in Hitachi EUR Form Client before 05-10 -/D 2010.11.15 and 05-10-CA (* 2) 2010.11.15; Hitachi EUR Form Service before 05-10 -/D 2010.11.15; and uCosminexus EUR Form Service before 07-60 -/D 2010.11.15 on Windows, before 05-10 -/D 2010.11.15 and 07-50… | |||
| CVE-2010-2625 | 0.00 | — | 0.01 | Jul 2, 2010 | Unspecified vulnerability in the Client Service for DPM in Hitachi ServerConductor / Deployment Manager 01-00, 01-01, and 06-00 through 06-00-/A; ServerConductor / Deployment Manager Standard Edition and Enterprise Edition 07-50 through 07-55, and 07-57 through 07-59; and… | |||
| CVE-2009-4777 | 0.00 | — | 0.01 | Apr 21, 2010 | Unspecified vulnerability in multiple versions of Hitachi JP1/Automatic Job Management System 2 - View, JP1/Integrated Management - View, and JP1/Cm2/SNMP System Observer, allows remote attackers to cause a denial of service ("abnormal" termination) via vectors related to the… | |||
| CVE-2009-4776 | 0.00 | — | 0.03 | Apr 21, 2010 | Buffer overflow in Hitachi Cosminexus V4 through V8, Processing Kit for XML, and Developer's Kit for Java, as used in products such as uCosminexus, Electronic Form Workflow, Groupmax, and IBM XL C/C++ Enterprise Edition 7 and 8, allows remote attackers to have an unknown impact… |
- CVE-2021-31600Nov 8, 2021risk 0.00cvss —epss 0.01
An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user (regardless of…
- CVE-2021-31599Nov 8, 2021risk 0.00cvss —epss 0.02
An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. A reports (.prpt) file allows the inclusion of BeanShell scripts to ease the production of complex reports. An authenticated user can run arbitrary code.
- CVE-2021-29645Oct 12, 2021risk 0.00cvss —epss 0.00
Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 calls the SendMessageTimeoutW API with arbitrary arguments via a local pipe, leading to a local privilege escalation vulnerability. An attacker who exploits this issue could execute arbitrary code on the local system.
- CVE-2021-29644Oct 12, 2021risk 0.00cvss —epss 0.02
Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 contains a remote code execution vulnerability because of an Integer Overflow. An attacker with network access to port 31016 may exploit this issue to execute code with unrestricted privileges on the underlying OS.
- CVE-2021-41573Sep 29, 2021risk 0.00cvss —epss 0.01
Hitachi Content Platform Anywhere (HCP-AW) 4.4.5 and later allows information disclosure. If authenticated user creates a link to a file or folder while the system was running version 4.3.x or earlier and then shares the link and then later deletes the file or folder without…
- CVE-2021-35527Jul 14, 2021risk 0.00cvss —epss 0.01
Password autocomplete vulnerability in the web application password field of Hitachi ABB Power Grids eSOMS allows attacker to gain access to user credentials that are stored by the browser. This issue affects: Hitachi ABB Power Grids eSOMS version 6.3 and prior versions.
- CVE-2021-20740Jun 28, 2021risk 0.00cvss —epss 0.03
Hitachi Virtual File Platform Versions prior to 5.5.3-09 and Versions prior to 6.4.3-09, and NEC Storage M Series NAS Gateway Nh4a/Nh8a versions prior to FOS 5.5.3-08(NEC2.5.4a) and Nh4b/Nh8b, Nh4c/Nh8c versions prior to FOS 6.4.3-08(NEC3.4.2) allow remote authenticated…
- CVE-2021-26845Jun 14, 2021risk 0.00cvss —epss 0.01
Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS allows unauthorized user to gain access to report data if the URL used to access the report is discovered. This issue affects: Hitachi ABB Power Grids eSOMS 6.0 versions prior to 6.0.4.2.2; 6.1 versions prior to…
- CVE-2021-27196Jun 14, 2021risk 0.00cvss —epss 0.02
Improper Input Validation vulnerability in Hitachi ABB Power Grids Relion 670 Series, Relion 670/650 Series, Relion 670/650/SAM600-IO, Relion 650, REB500, RTU500 Series, FOX615 (TEGO1), MSM, GMS600, PWC600 allows an attacker with access to the IEC 61850 network with knowledge of…
- CVE-2020-24666Jan 29, 2021risk 0.00cvss —epss 0.01
The Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a stored Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Display Name' parameter.…
- CVE-2020-24664Jan 29, 2021risk 0.00cvss —epss 0.01
The dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'pho:title' attribute of…
- CVE-2020-24670Jan 29, 2021risk 0.00cvss —epss 0.01
The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'type' attribute of…
- CVE-2020-24669Jan 29, 2021risk 0.00cvss —epss 0.01
The New Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a DOM-based Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Analysis Report…
- CVE-2020-24665Jan 29, 2021risk 0.00cvss —epss 0.01
The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains an XML Entity Expansion injection vulnerability, which allows an authenticated remote users to trigger a denial of service (DoS) condition. Specifically, the vulnerability lies in the 'dashboardXml'…
- CVE-2019-19002Apr 2, 2020risk 0.00cvss —epss 0.01
For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browser not supporting Content Security Policy, this might increase the risk of Cross Site Scripting.
- CVE-2019-19001Apr 2, 2020risk 0.00cvss —epss 0.02
For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow 'ClickJacking' attacks where an attacker can frame parts of the application on a malicious web site, revealing sensitive user information such as…
- CVE-2019-19000Apr 2, 2020risk 0.00cvss —epss 0.01
For ABB eSOMS 4.0 to 6.0.3, the Cache-Control and Pragma HTTP header(s) have not been properly configured within the application response. This can potentially allow browsers and proxies to cache sensitive information.
- CVE-2019-19097Apr 2, 2020risk 0.00cvss —epss 0.01
ABB eSOMS versions 4.0 to 6.0.3 accept connections using medium strength ciphers. If a connection is enabled using such a cipher, an attacker might be able to eavesdrop and/or intercept the connection.
- CVE-2019-19096Apr 2, 2020risk 0.00cvss —epss 0.00
The Redis data structure component used in ABB eSOMS versions 6.0 to 6.0.2 stores credentials in clear text. If an attacker has file system access, this can potentially compromise the credentials' confidentiality.
- CVE-2019-19095Apr 2, 2020risk 0.00cvss —epss 0.01
Lack of adequate input/output validation for ABB eSOMS versions 4.0 to 6.0.2 might allow an attacker to attack such as stored cross-site scripting by storing malicious content in the database.
- CVE-2019-19094Apr 2, 2020risk 0.00cvss —epss 0.01
Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend database.
- CVE-2019-19093Apr 2, 2020risk 0.00cvss —epss 0.01
eSOMS versions 4.0 to 6.0.3 do not enforce password complexity settings, potentially resulting in lower access security due to insecure user passwords.
- CVE-2019-19092Apr 2, 2020risk 0.00cvss —epss 0.01
ABB eSOMS versions 4.0 to 6.0.3 use ASP.NET Viewstate without Message Authentication Code (MAC). Alterations to Viewstate might thus not be noticed.
- CVE-2019-19091Apr 2, 2020risk 0.00cvss —epss 0.01
For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments with sensitive information about the application. An attacker might use this detail information to specifically craft the attack.
- CVE-2019-19090Apr 2, 2020risk 0.00cvss —epss 0.01
For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the cookie information, thus making it susceptible to eavesdropping.
- CVE-2019-19089Apr 2, 2020risk 0.00cvss —epss 0.01
For ABB eSOMS versions 4.0 to 6.0.3, the X-Content-Type-Options Header is missing in the HTTP response, potentially causing the response body to be interpreted and displayed as different content type other than declared. A possible attack scenario would be unauthorized code…
- CVE-2019-19003Apr 2, 2020risk 0.00cvss —epss 0.01
For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set. This can allow Javascript to access the cookie contents, which in turn might enable Cross Site Scripting.
- CVE-2019-18998Feb 17, 2020risk 0.00cvss —epss 0.01
Insufficient access control in the web interface of ABB Asset Suite versions 9.0 to 9.3, 9.4 prior to 9.4.2.6, 9.5 prior to 9.5.3.2 and 9.6.0 enables full access to directly referenced objects. An attacker with knowledge of a resource's URL can access the resource directly.
- CVE-2018-21032Feb 14, 2020risk 0.00cvss —epss 0.01
A vulnerability in Hitachi Command Suite prior to 8.7.1-00 and Hitachi Automation Director prior to 8.5.0-00 allow authenticated remote users to expose technical information through error messages. Hitachi Command Suite includes Hitachi Device Manager and Hitachi Compute Systems…
- CVE-2018-21033Feb 14, 2020risk 0.00cvss —epss 0.01
A vulnerability in Hitachi Command Suite prior to 8.6.2-00, Hitachi Automation Director prior to 8.6.2-00 and Hitachi Infrastructure Analytics Advisor prior to 4.2.0-00 allow authenticated remote users to load an arbitrary Cascading Style Sheets (CSS) token sequence. Hitachi…
- CVE-2018-21026Nov 12, 2019risk 0.00cvss —epss 0.01
A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.6.5-00 allows an unauthenticated remote user to read internal information.
- CVE-2019-17360Nov 12, 2019risk 0.00cvss —epss 0.01
A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.7.0-00 allows an unauthenticated remote user to trigger a denial of service (DoS) condition because of Uncontrolled Resource Consumption.
- CVE-2019-13657Oct 17, 2019risk 0.00cvss —epss 0.03
CA Performance Management 3.5.x, 3.6.x before 3.6.9, and 3.7.x before 3.7.4 have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security.
- CVE-2019-2453Jan 16, 2019risk 0.00cvss —epss 0.02
Vulnerability in the Oracle Performance Management component of Oracle E-Business Suite (subcomponent: Performance Management Plan). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network…
- CVE-2015-1565Feb 9, 2015risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the online help in Hitachi Device Manager, Tiered Storage Manager, Replication Manager, and Global Link Manager before 8.1.2-00, and Compute Systems Manager before 7.6.1-08 and 8.x before 8.1.2-00, as used in Hitachi Command Suite,…
- CVE-2014-4189Jun 17, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2014-4188Jun 17, 2014risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to hijack the authentication of unspecified victims via unknown…
- CVE-2013-4697Jul 31, 2013risk 0.00cvss —epss 0.02
Multiple unspecified vulnerabilities in Hitachi JP1/IT Desktop Management - Manager 09-50 through 09-50-03, 09-51 through 09-51-05, 10-00 through 10-00-02, and 10-01 through 10-01-02; Hitachi Job Management Partner 1/IT Desktop Management - Manager 09-50 through 09-50-03 and…
- CVE-2011-5217Oct 25, 2012risk 0.00cvss —epss 0.03
Directory traversal vulnerability in the PXE Mtftp service in Hitachi JP1/ServerConductor/DeploymentManager before 08-55 Japanese and before 08-51 English allows remote attackers to read arbitrary files via unknown vectors.
- CVE-2012-5001Sep 19, 2012risk 0.00cvss —epss 0.03
Multiple unspecified vulnerabilities in Hitachi JP1/Cm2/Network Node Manager i before 09-50-03 allow remote attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors.
- CVE-2012-4276Aug 13, 2012risk 0.00cvss —epss 0.01
Unspecified vulnerability in Hitachi IT Operations Director 02-50-01 through 02-50-07, 03-00 before 03-00-08 allows attackers to cause a denial of service via unknown attack vectors.
- CVE-2012-4275Aug 13, 2012risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Hitachi IT Operations Director 02-50-01 through 02-50-07, 03-00 before 03-00-08 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2012-4274Aug 13, 2012risk 0.00cvss —epss 0.03
Unspecified vulnerability in Hitachi Cobol GUI Option 06-00, 06-01 through 06-01-/A, 07-00, 07-01 before 07-01-/B, and 08-00 before 08-00-/B and Cobol GUI Option Server 07-00, 07-01 before 07-01-/B, and 08-00 before 08-00-/B allows remote attackers to execute arbitrary code via…
- CVE-2012-0919Jan 24, 2012risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Hitachi IT Operations Director 02-50-01 through 02-50-07, 03-00 through 03-00-04, and possibly other versions before 03-00-06, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2012-0918Jan 24, 2012risk 0.00cvss —epss 0.04
Unspecified vulnerability in Hitachi COBOL2002 Net Developer, Net Server Suite, and Net Client Suite 01-00, 01-01 through 01-01-/D, 01-02 through 01-02-/F, 01-03 through 01-03-/F, 02-00 through 02-00-/D, 02-01 through 02-01-/C, and possibly other versions before 02-01-/D allows…
- CVE-2012-0917Jan 24, 2012risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Hitachi IT Operations Analyzer 02-01, 02-51 through 02-51-01, and 02-53 through 02-53-02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2010-4773Mar 23, 2011risk 0.00cvss —epss 0.05
Unspecified vulnerability in Hitachi EUR Form Client before 05-10 -/D 2010.11.15 and 05-10-CA (* 2) 2010.11.15; Hitachi EUR Form Service before 05-10 -/D 2010.11.15; and uCosminexus EUR Form Service before 07-60 -/D 2010.11.15 on Windows, before 05-10 -/D 2010.11.15 and 07-50…
- CVE-2010-2625Jul 2, 2010risk 0.00cvss —epss 0.01
Unspecified vulnerability in the Client Service for DPM in Hitachi ServerConductor / Deployment Manager 01-00, 01-01, and 06-00 through 06-00-/A; ServerConductor / Deployment Manager Standard Edition and Enterprise Edition 07-50 through 07-55, and 07-57 through 07-59; and…
- CVE-2009-4777Apr 21, 2010risk 0.00cvss —epss 0.01
Unspecified vulnerability in multiple versions of Hitachi JP1/Automatic Job Management System 2 - View, JP1/Integrated Management - View, and JP1/Cm2/SNMP System Observer, allows remote attackers to cause a denial of service ("abnormal" termination) via vectors related to the…
- CVE-2009-4776Apr 21, 2010risk 0.00cvss —epss 0.03
Buffer overflow in Hitachi Cosminexus V4 through V8, Processing Kit for XML, and Developer's Kit for Java, as used in products such as uCosminexus, Electronic Form Workflow, Groupmax, and IBM XL C/C++ Enterprise Edition 7 and 8, allows remote attackers to have an unknown impact…
Page 6 of 8