Filtered by vendor Hitachi
Subscriptions
Total
199 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-24670 | 1 Hitachi | 1 Vantara Pentaho | 2024-11-21 | 5.4 Medium |
| The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'type' attribute of 'dashboardXml' parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, and >= 8.3.0.0 GA. | ||||
| CVE-2020-24669 | 1 Hitachi | 1 Vantara Pentaho | 2024-11-21 | 5.4 Medium |
| The New Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a DOM-based Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Analysis Report Description' field in 'About this Report' section. Remediated in >= 8.3.0.9, >= 9.0.0.1, and >= 9.1.0.0 GA. | ||||
| CVE-2020-24666 | 1 Hitachi | 1 Vantara Pentaho | 2024-11-21 | 5.4 Medium |
| The Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a stored Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Display Name' parameter. Remediated in >= 9.1.0.1 | ||||
| CVE-2020-24665 | 1 Hitachi | 1 Vantara Pentaho | 2024-11-21 | 6.5 Medium |
| The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains an XML Entity Expansion injection vulnerability, which allows an authenticated remote users to trigger a denial of service (DoS) condition. Specifically, the vulnerability lies in the 'dashboardXml' parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, >= 8.3.0.0 GA | ||||
| CVE-2020-24664 | 1 Hitachi | 1 Vantara Pentaho | 2024-11-21 | 5.4 Medium |
| The dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'pho:title' attribute of 'dashboardXml' parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, and >= 8.3.0.0 GA. | ||||
| CVE-2019-17360 | 4 Hitachi, Linux, Microsoft and 1 more | 8 Device Manager, Infrastructure Analytics Advisor, Replication Manager and 5 more | 2024-11-21 | 7.5 High |
| A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.7.0-00 allows an unauthenticated remote user to trigger a denial of service (DoS) condition because of Uncontrolled Resource Consumption. | ||||
| CVE-2018-21033 | 4 Hitachi, Linux, Microsoft and 1 more | 11 Automation Director, Compute Systems Manager, Device Manager and 8 more | 2024-11-21 | 6.5 Medium |
| A vulnerability in Hitachi Command Suite prior to 8.6.2-00, Hitachi Automation Director prior to 8.6.2-00 and Hitachi Infrastructure Analytics Advisor prior to 4.2.0-00 allow authenticated remote users to load an arbitrary Cascading Style Sheets (CSS) token sequence. Hitachi Command Suite includes Hitachi Device Manager, Hitachi Tiered Storage Manager, Hitachi Replication Manager, Hitachi Tuning Manager, Hitachi Global Link Manager and Hitachi Compute Systems Manager. | ||||
| CVE-2018-21032 | 4 Hitachi, Linux, Microsoft and 1 more | 6 Automation Director, Compute Systems Manager, Device Manager and 3 more | 2024-11-21 | 4.3 Medium |
| A vulnerability in Hitachi Command Suite prior to 8.7.1-00 and Hitachi Automation Director prior to 8.5.0-00 allow authenticated remote users to expose technical information through error messages. Hitachi Command Suite includes Hitachi Device Manager and Hitachi Compute Systems Manager. | ||||
| CVE-2018-21026 | 4 Hitachi, Linux, Microsoft and 1 more | 8 Compute Systems Manager, Device Manager, Replication Manager and 5 more | 2024-11-21 | 7.5 High |
| A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.6.5-00 allows an unauthenticated remote user to read internal information. | ||||
| CVE-2018-14735 | 3 Hitachi, Linux, Microsoft | 8 Command Suite, Compute Systems Manager, Device Manager and 5 more | 2024-11-21 | N/A |
| An Information Exposure issue was discovered in Hitachi Command Suite 8.5.3. A remote attacker may be able to exploit a flaw in the permission of messaging that may allow for information exposure via a crafted message. | ||||
| CVE-2017-9298 | 1 Hitachi | 1 Device Manager | 2024-11-21 | N/A |
| Cross-site scripting vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to execute arbitrary JavaScript code. | ||||
| CVE-2017-9297 | 1 Hitachi | 1 Device Manager | 2024-11-21 | N/A |
| Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to redirect users to arbitrary web sites. | ||||
| CVE-2017-9296 | 1 Hitachi | 1 Device Manager | 2024-11-21 | N/A |
| Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Tuning Manager before 8.5.2-00 allows remote attackers to redirect authenticated users to arbitrary web sites. | ||||
| CVE-2017-9295 | 1 Hitachi | 1 Device Manager | 2024-11-21 | N/A |
| XXE vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to read arbitrary files. | ||||
| CVE-2017-9294 | 1 Hitachi | 1 Device Manager | 2024-11-21 | N/A |
| RMI vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to execute internal commands without authentication via RMI ports. | ||||
| CVE-2015-1565 | 4 Hitachi, Microsoft, Novell and 1 more | 8 Compute Systems Manager, Device Manager, Global Link Manager and 5 more | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the online help in Hitachi Device Manager, Tiered Storage Manager, Replication Manager, and Global Link Manager before 8.1.2-00, and Compute Systems Manager before 7.6.1-08 and 8.x before 8.1.2-00, as used in Hitachi Command Suite, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-4189 | 1 Hitachi | 2 Jp1\/performance Management-manager Web Option, Tuning Manager | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-4188 | 1 Hitachi | 2 Jp1\/performance Management-manager Web Option, Tuning Manager | 2024-11-21 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2013-4697 | 1 Hitachi | 3 It Operations Director, Job Management Partner 1\/it Desktop Management-manager, Jp1\/it Desktop Management-manager | 2024-11-21 | N/A |
| Multiple unspecified vulnerabilities in Hitachi JP1/IT Desktop Management - Manager 09-50 through 09-50-03, 09-51 through 09-51-05, 10-00 through 10-00-02, and 10-01 through 10-01-02; Hitachi Job Management Partner 1/IT Desktop Management - Manager 09-50 through 09-50-03 and 10-01; and Hitachi IT Operations Director 02-50 through 02-50-07, 03-00 through 03-00-12, and 04-00 through 04-00-01 allow remote authenticated users to gain privileges via unknown vectors. | ||||
| CVE-2012-5001 | 1 Hitachi | 1 Jp1\/cm2\/network Node Manager | 2024-11-21 | N/A |
| Multiple unspecified vulnerabilities in Hitachi JP1/Cm2/Network Node Manager i before 09-50-03 allow remote attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors. | ||||