6.5
CVE-2018-21033
- EPSS 0.11%
- Veröffentlicht 14.02.2020 16:15:09
- Zuletzt bearbeitet 21.11.2024 04:02:44
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
A vulnerability in Hitachi Command Suite prior to 8.6.2-00, Hitachi Automation Director prior to 8.6.2-00 and Hitachi Infrastructure Analytics Advisor prior to 4.2.0-00 allow authenticated remote users to load an arbitrary Cascading Style Sheets (CSS) token sequence. Hitachi Command Suite includes Hitachi Device Manager, Hitachi Tiered Storage Manager, Hitachi Replication Manager, Hitachi Tuning Manager, Hitachi Global Link Manager and Hitachi Compute Systems Manager.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Hitachi ≫ Device Manager Version < 8.6.2-00
Hitachi ≫ Compute Systems Manager Version < 8.6.2-00
Hitachi ≫ Automation Director Version < 8.6.2-00
Hitachi ≫ Tiered Storage Manager Version < 8.6.2-00
Hitachi ≫ Replication Manager Version < 8.6.2-00
Hitachi ≫ Tuning Manager Version < 8.6.2-00
Hitachi ≫ Global Link Manager Version < 8.6.2-00
Hitachi ≫ Infrastructure Analytics Advisor Version < 4.2.0-00
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.11% | 0.267 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:N/I:P/A:N
|
| cve@mitre.org | 5 | 3.1 | 1.4 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.