CVE-2018-21033

A vulnerability in Hitachi Command Suite prior to 8.6.2-00, Hitachi Automation Director prior to 8.6.2-00 and Hitachi Infrastructure Analytics Advisor prior to 4.2.0-00 allow authenticated remote users to load an arbitrary Cascading Style Sheets (CSS) token sequence. Hitachi Command Suite includes Hitachi Device Manager, Hitachi Tiered Storage Manager, Hitachi Replication Manager, Hitachi Tuning Manager, Hitachi Global Link Manager and Hitachi Compute Systems Manager.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:hitachi:device_manager:*:*:*:*:*:*:*:*
OR cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:a:hitachi:compute_systems_manager:*:*:*:*:*:*:*:*
OR cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:a:hitachi:automation_director:*:*:*:*:*:*:*:*
OR cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:a:hitachi:tiered_storage_manager:*:*:*:*:*:*:*:*
OR cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:a:hitachi:replication_manager:*:*:*:*:*:*:*:*
OR cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:a:hitachi:tuning_manager:*:*:*:*:*:*:*:*
OR cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:a:hitachi:global_link_manager:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:a:hitachi:infrastructure_analytics_advisor:*:*:*:*:*:*:*:*
OR cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:02

Type Values Removed Values Added
References () http://www.hitachi.co.jp/Prod/comp/soft1/global/security/ - Vendor Advisory () http://www.hitachi.co.jp/Prod/comp/soft1/global/security/ - Vendor Advisory
References () https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2019-128/ - Vendor Advisory () https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2019-128/ - Vendor Advisory

Information

Published : 2020-02-14 16:15

Updated : 2024-11-21 04:02


NVD link : CVE-2018-21033

Mitre link : CVE-2018-21033

CVE.ORG link : CVE-2018-21033


JSON object : View

Products Affected

hitachi

  • automation_director
  • replication_manager
  • compute_systems_manager
  • tuning_manager
  • tiered_storage_manager
  • infrastructure_analytics_advisor
  • global_link_manager
  • device_manager

oracle

  • solaris

linux

  • linux_kernel

microsoft

  • windows
CWE
CWE-20

Improper Input Validation