IM
IronMonkey Threat Research

CVE-2021-40337 MEDIUM

Published: 2022-01-25 | Last Modified: 2024-11-21 | Status: Modified

Description

Cross-site Scripting (XSS) vulnerability in Hitachi Energy LinkOne allows an attacker that manages to exploit the vulnerability can take advantage to exploit multiple web attacks and stole sensitive information. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26.

Additional Descriptions (1)

Una vulnerabilidad de tipo Cross-site Scripting (XSS) en Hitachi Energy LinkOne permite a un atacante que consiga explotar la vulnerabilidad pueda aprovechar para realizar múltiples ataques web y robar información confidencial. Este problema afecta a: Hitachi Energy LinkOne versiones 3.20; 3.22; 3.23; 3.24; 3.25; 3.26

CVSS Metrics

Base Score: 5.4 (MEDIUM)

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack VectorNETWORK
Attack ComplexityLOW
Privileges RequiredLOW
User InteractionREQUIRED
ScopeCHANGED
Confidentiality ImpactLOW
Integrity ImpactLOW
Availability ImpactNONE

Source: [email protected]

Type: Primary

Exploitability Score: 2.3

Impact Score: 2.7

Base Score: 3.5 (LOW)

AV:N/AC:M/Au:S/C:N/I:P/A:N

Access VectorNETWORK
Access ComplexityMEDIUM
AuthenticationSINGLE
Confidentiality ImpactNONE
Integrity ImpactPARTIAL
Availability ImpactNONE

Source: [email protected]

Type: Primary

Exploitability Score: 6.8

Impact Score: 2.9

Weaknesses

Source Type Description
[email protected] Secondary
en CWE-79
[email protected] Primary
en CWE-79

Affected Products

Vendor Product Version Update Type
hitachi linkone 3.20 <built-in method update of dict object at 0x72a9a1f95480> Application
hitachi linkone 3.22 <built-in method update of dict object at 0x72a9a1f94740> Application
hitachi linkone 3.23 <built-in method update of dict object at 0x72a9a1f96cc0> Application
hitachi linkone 3.24 <built-in method update of dict object at 0x72a9a1f94080> Application
hitachi linkone 3.25 <built-in method update of dict object at 0x72a9a1f97e80> Application
hitachi linkone 3.26 <built-in method update of dict object at 0x72a9a1f956c0> Application

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:hitachi:linkone:3.20:*:*:*:*:*:*:*
Yes cpe:2.3:a:hitachi:linkone:3.22:*:*:*:*:*:*:*
Yes cpe:2.3:a:hitachi:linkone:3.23:*:*:*:*:*:*:*
Yes cpe:2.3:a:hitachi:linkone:3.24:*:*:*:*:*:*:*
Yes cpe:2.3:a:hitachi:linkone:3.25:*:*:*:*:*:*:*
Yes cpe:2.3:a:hitachi:linkone:3.26:*:*:*:*:*:*:*

References

Notification
Message here