CVE-2007-3623
Hitachi JP1/HiCommand Device Manager - Cross-Site Scripting via Expect HTTP Header
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in the Hitachi JP1/HiCommand Device Manager, Tiered Storage Manager, Replication Monitor, and GlobalLink Availability Manager before 20070528 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header.
References (7)
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/35286
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/37848
Patch x_refsource_confirm
http://www.hitachi-support.com/security_e/vuls_e/HS07-017_e/index-e.html
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/2457
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/24797
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25973
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/37849
Scores
EPSS
0.0077
EPSS Percentile
73.7%
Details
Status
published
Products (12)
hitachi/jp1-hicommand_device_manager
02_30 (2 CPE variants)
hitachi/jp1-hicommand_device_manager
05_00 (2 CPE variants)
hitachi/jp1-hicommand_device_manager
05_10
hitachi/jp1-hicommand_device_manager
05_50 (3 CPE variants)
hitachi/jp1-hicommand_global_link_availability_manager
05_00
hitachi/jp1-hicommand_replication_monitor
04_00 (2 CPE variants)
hitachi/jp1-hicommand_replication_monitor
05_00 (2 CPE variants)
hitachi/jp1-hicommand_replication_monitor
05_50 (2 CPE variants)
hitachi/jp1-hicommand_tiered_storage_manager
04_00
hitachi/jp1-hicommand_tiered_storage_manager
04_30
... and 2 more
Published
Jul 09, 2007
Tracked Since
Feb 18, 2026