[Japanese]

JVNDB-2017-002225

Cross-site Scripting Vulnerability in multiple Hitachi products

Overview

A cross-site scripting vulnerability was found in uCosminexus Portal Framework, Groupmax Collaboration, Hitachi Navigation Platform and JP1/Navigation Platform.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 4.7 (Medium) [Vendor Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: None
  • Integrity Impact: Low
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics 4.3 (Medium) [Vendor Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products


Hitachi, Ltd
  • Groupmax Collaboration Portal
  • Groupmax Collaboration Web Client - Forum/File Sharing
  • Groupmax Collaboration Web Client - Mail/Schedule
  • Hitachi Navigation Platform
  • Hitachi Navigation Platform for Developers
  • JP1/Integrated Management - Navigation Platform
  • JP1/Navigation Platform
  • JP1/Navigation Platform for Developers
  • uCosminexus Collaboration Portal
  • uCosminexus Collaboration Portal - Forum/File Sharing
  • uCosminexus Navigation Developer
  • uCosminexus Navigation Platform
  • uCosminexus Navigation Platform - Authoring License
  • uCosminexus Navigation Platform - User License
  • uCosminexus Portal Framework
  • uCosminexus Portal Framework - Light

Please refer to the vendor information for more details.
Impact

Remote users can exploit this vulnerability to execute malicious scripts.
Solution

Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action.
Vendor Information

Hitachi, Ltd
CWE (What is CWE?)

CVE (What is CVE?)

References

Revision History

  • [2017/06/30]
      Web page was published

Date Public2017/02/17
Date First Published2017/06/30
Date Last Updated2017/06/30