Hitachi JP1/HiCommand unspecified information disclosure

hitachi-hicommand-information-disclosure (33328) The risk level is classified as LowLow Risk

Description:

Hitachi JP1/HiCommand could allow a local attacker to obtain sensitive information, caused by an unspecified vulnerability. An attacker could exploit this vulnerability to obtain sensitive authentication information.

Platforms Affected:

  • Hitachi, JP1/HiCommand Device Manager Linux 5-10 - 5-10-05
  • Hitachi, JP1/HiCommand Device Manager Linux 5-50 - 5-50-02
  • Hitachi, JP1/HiCommand Device Manager Linux 5-60
  • Hitachi, JP1/HiCommand Device Manager Solaris 5-00 - 5-10-05
  • Hitachi, JP1/HiCommand Device Manager Solaris 5-50 - 5-50-02
  • Hitachi, JP1/HiCommand Device Manager Solaris 5-60
  • Hitachi, JP1/HiCommand Device Manager Win 5-00 - 5-10-05
  • Hitachi, JP1/HiCommand Device Manager Win 5-50 - 5-50-02
  • Hitachi, JP1/HiCommand Device Manager Win 5-60
  • Hitachi, JP1/HiCommand Global Link Manager Win 5-00 - 5-60
  • Hitachi, JP1/HiCommand Global Link Manager Win 5-60
  • Hitachi, JP1/HiCommand ReplicationMonitor Solaris 4-00 - 05-50-02
  • Hitachi, JP1/HiCommand ReplicationMonitor Solaris 5-60
  • Hitachi, JP1/HiCommand ReplicationMonitor Win 05-60
  • Hitachi, JP1/HiCommand ReplicationMonitor Win 4-00 - 05-50-02
  • Hitachi, JP1/HiCommand Tiered Storage Solaris 4-00 - 05-50-01
  • Hitachi, JP1/HiCommand Tiered Storage Win 4-00 - 05-50-01
  • Hitachi, JP1/HiCommand Tuning Manager Solaris 4-00 - 05-50-01
  • Hitachi, JP1/HiCommand Tuning Manager Win 4-00 - 05-50-01

Remedy:

Refer to HS07-007 for patch, upgrade, or suggested workaround information. See References.

Consequences:

Obtain Information

References:

  • HS07-007, Information Exposure Vulnerability of JP1/HiCommand Series Products at http://www.hitachi-support.com/security_e/vuls_e/HS07-007_e/index-e.html.
  • BID-23210: Multiple Hitachi JP1/HiCommand Products Local Information Disclosure Vulnerability
  • CVE-2007-1853: Unspecified vulnerability in Hitachi JP1/HiCommand DeviceManager, Global Link Availability Manager, Replication Monitor, Tiered Storage Manager, and Tuning Manager allows local users to obtain authentication information via unspecified vectors.
  • FrSIRT/ADV-2007-1169: Hitachi JP1/HiCommand Products Unspecified Local Information Disclosure Vulnerability
  • SA24684: Hitachi JP1/HiCommand Unspecified Information Disclosure Vulnerability

Reported:

Mar 30, 2007

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page