| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Hitachi Job Management Partner (JP1) JP1/File Transmission Server/FTP 6 and 7 allows remote attackers to cause a denial of service (daemon halt) via a port scan involving reset packets. |
| Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old. |
| Unspecified vulnerability in the error handler in Hitachi Web Page Generator and Web Page Generator Enterprise 4.01 and earlier, when using the default error template and debug mode is set to ON, allows remote attackers to determine internal directory structures via unknown attack vectors. |
| Hitachi IP5000 VOIP WIFI Phone 1.5.6 has a hard-coded administrator password of "0000", which allows attackers with physical access to obtain sensitive information and modify the phone's configuration. |
| The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm". |
| Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web (GmaxWWW) Desktop 5, 6, and Desktop for Jichitai 6, allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter. |
| The Gmax Mail client in Hitachi Groupmax before 20060426 allows remote attackers to cause a denial of service (application hang or erroneous behavior) via an attachment with an MS-DOS device filename. |
| Unspecified vulnerability in Hitachi JP1 products allow remote attackers to cause a denial of service (application stop or fail) via unexpected requests or data. |
| SQL injection vulnerability in Hitachi HITSENSER3 HITSENSER3/PRP, HITSENSER3/PUP, HITSENSER3/STP, and HITSENSER3/EUP allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. |
| Multiple cross-site scripting (XSS) vulnerabilities in Hitachi Cosminexus Collaboration Portal 06-00 through 06-10-/B, Groupmax Collaboration Portal 07-00 through 07-10-/B, and Groupmax Collaboration Web Client 07-00 through 07-10-/A allow remote attackers to inject arbitrary web script or HTML via the (1) Schedule and (2) Calendar components. |
| Unspecified vulnerability in the Port Discovery Standard and Advanced features in Hitachi JP1/NetInsight II allows attackers to stop the Port Discovery service via unknown vectors involving "invalid format data". |
| Multiple cross-site scripting (XSS) vulnerabilities in Hitachi Business Logic - Container (BLC) P-2443-9114 01-00 through 02-06 on Windows, and P-1M43-9111 01-01 through 02-00 on AIX, allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in an unspecified input form. |
| Overview
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. (CWE-732)
Description
Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.2.0.2, including 9.3.x and 8.3.x, is installed with Karaf JMX beans enabled and accessible by default.
Impact
When the vulnerability is leveraged, a user with local execution privileges can access functionality exposed by Karaf beans contained in the product. |
| Unquoted Executable Path vulnerability in Hitachi Device Manager on Windows (Device Manager Server component).This issue affects Hitachi Device Manager: before 8.8.7-00. |
| Overview
The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control. (CWE-99)
Description
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.2, including 9.3.x and 8.3.x, do not restrict JNDI identifiers during the creation of platform data sources.
Impact
An attacker could gain access to or modify sensitive data or system resources. This could allow access to protected files or directories including configuration files and files containing sensitive information, which can lead to remote code execution by unauthorized users. |
| The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state. (CWE-280)
Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0 and 9.3.0.9, including 8.3.x, do not handle invalid and missing permissions correctly, resulting in a denial of service.
An adversary leverages a legitimate capability of an application in such a way as to achieve a negative technical impact. |
| Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Administrator allows local users to gain sensitive information.This issue affects Hitachi Ops Center Administrator: before 11.0.1.
|
| Cross-site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component) and Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.5-00. |
| Pentaho Data Integration and Analytics Community Dashboard Editor plugin versions before 10.2.0.4, including 9.3.0.x and 8.3.x, deserialize untrusted JSON data without constraining the parser to approved classes and methods. |
| Hitachi Vantara Pentaho Data Integration and Analytics Community Dashboard Framework prior to versions 10.2.0.4, including 9.3.0.x and 8.3.x display the full server stack trace when encountering an error within the GetCdfResource servlet. |
