CVE-2018-21033

MEDIUM

Hitachi Device Manager < 8.6.2-00 - Improper Input Validation

Title source: rule

Description

A vulnerability in Hitachi Command Suite prior to 8.6.2-00, Hitachi Automation Director prior to 8.6.2-00 and Hitachi Infrastructure Analytics Advisor prior to 4.2.0-00 allow authenticated remote users to load an arbitrary Cascading Style Sheets (CSS) token sequence. Hitachi Command Suite includes Hitachi Device Manager, Hitachi Tiered Storage Manager, Hitachi Replication Manager, Hitachi Tuning Manager, Hitachi Global Link Manager and Hitachi Compute Systems Manager.

References (2)

[Vendor Advisory] http://www.hitachi.co.jp/Prod/comp/soft1/global/security/

[Vendor Advisory] https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2019-128/

Scores

CVSS v3 6.5

EPSS 0.0011

EPSS Percentile 29.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Classification

CWE

CWE-20

Status published

Affected Products (8)

hitachi/device_manager < 8.6.2-00

hitachi/compute_systems_manager < 8.6.2-00

hitachi/automation_director < 8.6.2-00

hitachi/tiered_storage_manager < 8.6.2-00

hitachi/replication_manager < 8.6.2-00

hitachi/tuning_manager < 8.6.2-00

hitachi/global_link_manager < 8.6.2-00

hitachi/infrastructure_analytics_advisor < 4.2.0-00

Timeline

Published Feb 14, 2020

Tracked Since Feb 18, 2026