製品・ソフトウェアに関する情報

JVN脆弱性詳細

Hitachi Groupmax Collaboration Portal などの製品におけるクロスサイトスクリプティングの脆弱性

Title	Hitachi Groupmax Collaboration Portal などの製品におけるクロスサイトスクリプティングの脆弱性
Summary	Hitachi Groupmax Collaboration Portal、Web Client、および uCosminexus Collaboration Portal には、クロスサイトスクリプティングの脆弱性が存在します。
Possible impacts	第三者により、"悪意あるスクリプトを実行される" 可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	July 5, 2006, midnight
Registration Date	Dec. 20, 2012, 6:02 p.m.
Last Update	Dec. 20, 2012, 6:02 p.m.

Affected System

日立

Cosminexus Collaboration Portal

Groupmax Collaboration Portal

Groupmax Collaboration Web Client 07-20-/D 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2006-3574	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3574
National Vulnerability Database (NVD)
2	CVE-2006-3574	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3574

ベンダー情報

No	Name	URL
Hitachi
1	HS06-014	http://www.hitachi.co.jp/Prod/comp/soft1/global/security/pdf/HS06-014.pdf

Change Log

No	Changed Details	Date of change
0	[2012年12月20日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2006-3574

Summary	Multiple cross-site scripting (XSS) vulnerabilities in Hitachi Groupmax Collaboration Portal and Web Client before 07-20-/D, and uCosminexus Collaboration Portal and Forum/File Sharing before 06-20-/C, allow remote attackers to "execute malicious scripts" via unknown vectors (aka HS06-014-01).
Summary	This vulnerability is addressed in the following product releases: Hitachi, Groupmax Collaboration Portal, 07-20-/D Hitachi, Groupmax Collaboration Web Client, 07-20-/D Hitachi, Cosminexus Collaboration Portal, 06-20-/C
Publication Date	July 13, 2006, 7:05 p.m.
Registration Date	Jan. 29, 2021, 3:41 p.m.
Last Update	July 20, 2017, 10:32 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:hitachi:cosminexus_collaboration_portal:6.2:::::::*
cpe:2.3:a:hitachi:cosminexus_collaboration_portal:06_00:::::::*
cpe:2.3:a:hitachi:cosminexus_collaboration_portal::::::::		06_10_b
cpe:2.3:a:hitachi:groupmax_collaboration_portal:7.2:::::::*
cpe:2.3:a:hitachi:groupmax_collaboration_portal:07_00:::::::*
cpe:2.3:a:hitachi:groupmax_collaboration_portal::::::::		07_10_b
cpe:2.3:a:hitachi:groupmax_collaboration_web_client:7.2:::::::*
cpe:2.3:a:hitachi:groupmax_collaboration_web_client:07_00:::::::*
cpe:2.3:a:hitachi:groupmax_collaboration_web_client::::::::		07_10_a

Related information, measures and tools

No	URL	refsource	タグ
1	http://secunia.com/advisories/20926	SECUNIA	Patch Vendor Advisory
2	http://www.hitachi-support.com/security_e/vuls_e/HS06-014_e/01-e.html	CONFIRM	Patch
3	http://www.hitachi-support.com/security_e/vuls_e/HS06-014_e/index-e.html	CONFIRM	Patch
4	http://www.securityfocus.com/bid/18830	BID	Patch
5	http://www.vupen.com/english/advisories/2006/2665	VUPEN
6	https://exchange.xforce.ibmcloud.com/vulnerabilities/27605	XF

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:hitachi:cosminexus_collaboration_portal:6.2:::::::*
cpe:2.3:a:hitachi:cosminexus_collaboration_portal:06_00:::::::*
cpe:2.3:a:hitachi:cosminexus_collaboration_portal::::::::		06_10_b
cpe:2.3:a:hitachi:groupmax_collaboration_portal:7.2:::::::*
cpe:2.3:a:hitachi:groupmax_collaboration_portal:07_00:::::::*
cpe:2.3:a:hitachi:groupmax_collaboration_portal::::::::		07_10_b
cpe:2.3:a:hitachi:groupmax_collaboration_web_client:7.2:::::::*
cpe:2.3:a:hitachi:groupmax_collaboration_web_client:07_00:::::::*
cpe:2.3:a:hitachi:groupmax_collaboration_web_client::::::::		07_10_a