Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Hitachi Subscribe
Total 155 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-24666 1 Hitachi 1 Vantara Pentaho 2021-02-04 3.5 LOW 5.4 MEDIUM
The Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a stored Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Display Name' parameter. Remediated in >= 9.1.0.1
CVE-2020-24664 1 Hitachi 1 Vantara Pentaho 2021-02-04 3.5 LOW 5.4 MEDIUM
The dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'pho:title' attribute of 'dashboardXml' parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, and >= 8.3.0.0 GA.
CVE-2020-24665 1 Hitachi 1 Vantara Pentaho 2021-02-04 4.0 MEDIUM 6.5 MEDIUM
The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains an XML Entity Expansion injection vulnerability, which allows an authenticated remote users to trigger a denial of service (DoS) condition. Specifically, the vulnerability lies in the 'dashboardXml' parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, >= 8.3.0.0 GA
CVE-2020-24669 1 Hitachi 1 Vantara Pentaho 2021-02-04 3.5 LOW 5.4 MEDIUM
The New Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a DOM-based Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Analysis Report Description' field in 'About this Report' section. Remediated in >= 8.3.0.9, >= 9.0.0.1, and >= 9.1.0.0 GA.
CVE-2020-24670 1 Hitachi 1 Vantara Pentaho 2021-02-04 3.5 LOW 5.4 MEDIUM
The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'type' attribute of 'dashboardXml' parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, and >= 8.3.0.0 GA.
CVE-2018-21032 4 Hitachi, Linux, Microsoft and 1 more 6 Automation Director, Compute Systems Manager, Device Manager and 3 more 2020-02-27 4.0 MEDIUM 4.3 MEDIUM
A vulnerability in Hitachi Command Suite prior to 8.7.1-00 and Hitachi Automation Director prior to 8.5.0-00 allow authenticated remote users to expose technical information through error messages. Hitachi Command Suite includes Hitachi Device Manager and Hitachi Compute Systems Manager.
CVE-2018-21033 4 Hitachi, Linux, Microsoft and 1 more 11 Automation Director, Compute Systems Manager, Device Manager and 8 more 2020-02-27 4.0 MEDIUM 6.5 MEDIUM
A vulnerability in Hitachi Command Suite prior to 8.6.2-00, Hitachi Automation Director prior to 8.6.2-00 and Hitachi Infrastructure Analytics Advisor prior to 4.2.0-00 allow authenticated remote users to load an arbitrary Cascading Style Sheets (CSS) token sequence. Hitachi Command Suite includes Hitachi Device Manager, Hitachi Tiered Storage Manager, Hitachi Replication Manager, Hitachi Tuning Manager, Hitachi Global Link Manager and Hitachi Compute Systems Manager.
CVE-2018-21026 4 Hitachi, Linux, Microsoft and 1 more 8 Compute Systems Manager, Device Manager, Replication Manager and 5 more 2019-11-18 5.0 MEDIUM 7.5 HIGH
A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.6.5-00 allows an unauthenticated remote user to read internal information.
CVE-2019-17360 4 Hitachi, Linux, Microsoft and 1 more 8 Device Manager, Infrastructure Analytics Advisor, Replication Manager and 5 more 2019-11-18 5.0 MEDIUM 7.5 HIGH
A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.7.0-00 allows an unauthenticated remote user to trigger a denial of service (DoS) condition because of Uncontrolled Resource Consumption.
CVE-2017-9294 1 Hitachi 1 Device Manager 2019-10-02 7.5 HIGH 9.8 CRITICAL
RMI vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to execute internal commands without authentication via RMI ports.
CVE-2005-0356 9 Alaxala, Cisco, F5 and 6 more 76 Alaxala Networks, Agent Desktop, Aironet Ap1200 and 73 more 2019-04-30 5.0 MEDIUM N/A
Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old.
CVE-2018-14735 3 Hitachi, Linux, Microsoft 8 Command Suite, Compute Systems Manager, Device Manager and 5 more 2018-10-11 5.0 MEDIUM 7.5 HIGH
An Information Exposure issue was discovered in Hitachi Command Suite 8.5.3. A remote attacker may be able to exploit a flaw in the permission of messaging that may allow for information exposure via a crafted message.
CVE-2003-0564 1 Hitachi 2 Groupmax Mail - Security Option, Pki Runtime Library 2017-10-10 5.0 MEDIUM N/A
Multiple vulnerabilities in multiple vendor implementations of the Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol allow remote attackers to cause a denial of service and possibly execute arbitrary code via an S/MIME email message containing certain unexpected ASN.1 constructs, as demonstrated using the NISSC test suite.
CVE-2012-5001 1 Hitachi 1 Jp1\/cm2\/network Node Manager 2017-08-28 7.5 HIGH N/A
Multiple unspecified vulnerabilities in Hitachi JP1/Cm2/Network Node Manager i before 09-50-03 allow remote attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors.
CVE-2012-0917 1 Hitachi 1 It Operations Analyzer 2017-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Hitachi IT Operations Analyzer 02-01, 02-51 through 02-51-01, and 02-53 through 02-53-02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-0918 1 Hitachi 3 Cobol2002 Net Client Suite, Cobol2002 Net Developer, Cobol2002 Net Server Suite 2017-08-28 10.0 HIGH N/A
Unspecified vulnerability in Hitachi COBOL2002 Net Developer, Net Server Suite, and Net Client Suite 01-00, 01-01 through 01-01-/D, 01-02 through 01-02-/F, 01-03 through 01-03-/F, 02-00 through 02-00-/D, 02-01 through 02-01-/C, and possibly other versions before 02-01-/D allows remote attackers to execute arbitrary code via unknown attack vectors.
CVE-2012-0919 1 Hitachi 1 It Operations Director 2017-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Hitachi IT Operations Director 02-50-01 through 02-50-07, 03-00 through 03-00-04, and possibly other versions before 03-00-06, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-5217 1 Hitachi 2 Jp1\/serverconductor\/deploymentmanager, Serverconductor\/deploymentmanager 2017-08-28 5.0 MEDIUM N/A
Directory traversal vulnerability in the PXE Mtftp service in Hitachi JP1/ServerConductor/DeploymentManager before 08-55 Japanese and before 08-51 English allows remote attackers to read arbitrary files via unknown vectors.
CVE-2010-4773 4 Hitachi, Ibm, Linux and 1 more 6 Eur Form Client, Eur Form Service, Ucosminexus Eur Form Service and 3 more 2017-08-16 10.0 HIGH N/A
Unspecified vulnerability in Hitachi EUR Form Client before 05-10 -/D 2010.11.15 and 05-10-CA (* 2) 2010.11.15; Hitachi EUR Form Service before 05-10 -/D 2010.11.15; and uCosminexus EUR Form Service before 07-60 -/D 2010.11.15 on Windows, before 05-10 -/D 2010.11.15 and 07-50 -/D 2010.11.15 on Linux, and before 07-50 -/C 2010.11.15 on AIX; allows remote attackers to execute arbitrary code via unknown attack vectors.
CVE-2009-4777 4 Hitachi, Hp, Microsoft and 1 more 17 Job Management Partner 1\/automatic Job Management System 2-view, Job Management Partner 1\/integrated Management-view, Job Management Partner 1\/integrated Manager-console View and 14 more 2017-08-16 4.3 MEDIUM N/A
Unspecified vulnerability in multiple versions of Hitachi JP1/Automatic Job Management System 2 - View, JP1/Integrated Management - View, and JP1/Cm2/SNMP System Observer, allows remote attackers to cause a denial of service ("abnormal" termination) via vectors related to the display of an "invalid GIF file."