CVE-2018-21033
MEDIUMHitachi Command Suite < 8.6.2-00 - Authenticated CSS Injection
Title source: llmDescription
A vulnerability in Hitachi Command Suite prior to 8.6.2-00, Hitachi Automation Director prior to 8.6.2-00 and Hitachi Infrastructure Analytics Advisor prior to 4.2.0-00 allow authenticated remote users to load an arbitrary Cascading Style Sheets (CSS) token sequence. Hitachi Command Suite includes Hitachi Device Manager, Hitachi Tiered Storage Manager, Hitachi Replication Manager, Hitachi Tuning Manager, Hitachi Global Link Manager and Hitachi Compute Systems Manager.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/
Vendor Advisory x_refsource_confirm
https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2019-128/
Scores
CVSS v3
6.5
EPSS
0.0011
EPSS Percentile
29.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-20
Status
published
Products (8)
hitachi/automation_director
< 8.6.2-00
hitachi/compute_systems_manager
< 8.6.2-00
hitachi/device_manager
< 8.6.2-00
hitachi/global_link_manager
< 8.6.2-00
hitachi/infrastructure_analytics_advisor
< 4.2.0-00
hitachi/replication_manager
< 8.6.2-00
hitachi/tiered_storage_manager
< 8.6.2-00
hitachi/tuning_manager
< 8.6.2-00
Published
Feb 14, 2020
Tracked Since
Feb 18, 2026