Vulnerability Details : CVE-2018-21033
A vulnerability in Hitachi Command Suite prior to 8.6.2-00, Hitachi Automation Director prior to 8.6.2-00 and Hitachi Infrastructure Analytics Advisor prior to 4.2.0-00 allows authenticated remote users to load an arbitrary Cascading Style Sheets (CSS) token sequence. Hitachi Command Suite includes Hitachi Device Manager, Hitachi Tiered Storage Manager, Hitachi Replication Manager, Hitachi Tuning Manager, Hitachi Global Link Manager and Hitachi Compute Systems Manager.
Vulnerability category: Input validation
Products affected by CVE-2018-21033
- cpe:2.3:a:hitachi:tuning_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:device_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:tiered_storage_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:replication_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:global_link_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:compute_systems_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:automation_director:*:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:infrastructure_analytics_advisor:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-21033
- 0.09%: Probability of exploitation activity in the next 30 days
- ~37%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-21033
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N | 8.0 | 2.9 | NIST | |
5.0 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N | 3.1 | 1.4 | MITRE | |
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 2.8 | 3.6 | NIST | |
CWE ids for CVE-2018-21033
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-21033
- https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2019-128/
  Multiple Vulnerabilities in Hitachi Command Suite and Hitachi Infrastructure Analytics Advisor: Software Vulnerability Information: Software: Hitachi (Vendor Advisory)
- http://www.hitachi.co.jp/Prod/comp/soft1/global/security/
  Software Vulnerability Information: Software: Hitachi (Vendor Advisory)