CVE-2018-21033 — MEDIUM (6.5)

Q: How severe is CVE-2018-21033?

CVE-2018-21033 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-21033?

Check the references section above for vendor advisories and patch information. Affected products include: Hitachi Device Manager, Linux Linux Kernel, Microsoft Windows, Oracle Solaris, Hitachi Compute Systems Manager.

Vulnerability Description

A vulnerability in Hitachi Command Suite prior to 8.6.2-00, Hitachi Automation Director prior to 8.6.2-00 and Hitachi Infrastructure Analytics Advisor prior to 4.2.0-00 allow authenticated remote users to load an arbitrary Cascading Style Sheets (CSS) token sequence. Hitachi Command Suite includes Hitachi Device Manager, Hitachi Tiered Storage Manager, Hitachi Replication Manager, Hitachi Tuning Manager, Hitachi Global Link Manager and Hitachi Compute Systems Manager.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Hitachi	Device Manager	< 8.6.2-00
Linux	Linux Kernel	-
Microsoft	Windows	-
Oracle	Solaris	-
Hitachi	Compute Systems Manager	< 8.6.2-00
Hitachi	Automation Director	< 8.6.2-00
Hitachi	Tiered Storage Manager	< 8.6.2-00
Hitachi	Replication Manager	< 8.6.2-00
Hitachi	Tuning Manager	< 8.6.2-00
Hitachi	Global Link Manager	< 8.6.2-00
Hitachi	Infrastructure Analytics Advisor	< 4.2.0-00

Related Weaknesses (CWE)

CWE-20

References

http://www.hitachi.co.jp/Prod/comp/soft1/global/security/Vendor Advisory
https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-Vendor Advisory
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/Vendor Advisory
https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-Vendor Advisory

FAQ

What is CVE-2018-21033?

CVE-2018-21033 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A vulnerability in Hitachi Command Suite prior to 8.6.2-00, Hitachi Automation Director prior to 8.6.2-00 and Hitachi Infrastructure Analytics Advisor prior to 4.2.0-00 allow authenticated remote user...

How severe is CVE-2018-21033?

CVE-2018-21033 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-21033?

Check the references section above for vendor advisories and patch information. Affected products include: Hitachi Device Manager, Linux Linux Kernel, Microsoft Windows, Oracle Solaris, Hitachi Compute Systems Manager.