CVE-2014-4188

Cross-site request forgery (CSRF) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:hitachi:jp1\/performance_management-manager_web_option:07-00:*:*:*:*:solaris:*:*
cpe:2.3:a:hitachi:jp1\/performance_management-manager_web_option:07-00:*:*:*:*:windows:*:*
cpe:2.3:a:hitachi:jp1\/performance_management-manager_web_option:07-54:*:*:*:*:solaris:*:*
cpe:2.3:a:hitachi:jp1\/performance_management-manager_web_option:07-54:*:*:*:*:windows:*:*
cpe:2.3:a:hitachi:tuning_manager:6.0.0:*:*:*:*:solaris:*:*
cpe:2.3:a:hitachi:tuning_manager:6.0.0:*:*:*:*:windows:*:*
cpe:2.3:a:hitachi:tuning_manager:7.1.0:*:*:*:*:linux_kernel:*:*
cpe:2.3:a:hitachi:tuning_manager:7.6.1:*:*:*:*:solaris:*:*
cpe:2.3:a:hitachi:tuning_manager:7.6.1:05:*:*:*:solaris:*:*
cpe:2.3:a:hitachi:tuning_manager:8.0.0:*:*:*:*:linux_kernel:*:*
cpe:2.3:a:hitachi:tuning_manager:8.0.0:*:*:*:*:windows:*:*
cpe:2.3:a:hitachi:tuning_manager:8.0.0:03:*:*:*:linux_kernel:*:*
cpe:2.3:a:hitachi:tuning_manager:8.0.0:03:*:*:*:windows:*:*

History

21 Nov 2024, 02:09

Type Values Removed Values Added
References () http://secunia.com/advisories/58528 - () http://secunia.com/advisories/58528 -
References () http://secunia.com/advisories/58899 - () http://secunia.com/advisories/58899 -
References () http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-013/index.html - Vendor Advisory () http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-013/index.html - Vendor Advisory
References () http://www.securityfocus.com/bid/68015 - () http://www.securityfocus.com/bid/68015 -

Information

Published : 2014-06-17 14:55

Updated : 2024-11-21 02:09


NVD link : CVE-2014-4188

Mitre link : CVE-2014-4188

CVE.ORG link : CVE-2014-4188


JSON object : View

Products Affected

hitachi

  • tuning_manager
  • jp1\/performance_management-manager_web_option
CWE
CWE-352

Cross-Site Request Forgery (CSRF)