Cross-Site Request Forgery in Hitachi Tuning Manager and JP1/Performance Management
CVE-2014-4188

Currently unrated

Key Information:

Vendor: Hitachi
Status: Tuning Manager; Jp1\/performance Management-manager Web Option
Vendor: CVE Published:; 17 June 2014

Summary

A Cross-Site Request Forgery (CSRF) vulnerability exists in Hitachi Tuning Manager prior to version 7.6.1-06 and version 8.x prior to 8.0.0-04, as well as in JP1/Performance Management - Manager Web Option versions 07-00 through 07-54. This flaw enables remote attackers to exploit the vulnerability to hijack user authentication, potentially allowing them to perform actions on behalf of unsuspecting users without their consent. Proper security measures and updates are necessary to mitigate the risks associated with this vulnerability.

References

http://www.hitachi.co.jp/Prod/comp/soft1/global/security/...

x_refsource_CONFIRM

http://secunia.com/advisories/58899

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/58528

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Jun 17, 2014
Vulnerability Reserved
Jun 17, 2014