CVE-2015-1565: XSS
First published: Mon Feb 09 2015(Updated: )
Cross-site scripting (XSS) vulnerability in the online help in Hitachi Device Manager, Tiered Storage Manager, Replication Manager, and Global Link Manager before 8.1.2-00, and Compute Systems Manager before 7.6.1-08 and 8.x before 8.1.2-00, as used in Hitachi Command Suite, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hitachi Device Manager | <=8.1.1 | |
| Hitachi Replication Manager | <=8.1.1 | |
| Hitachi Tiered Storage Manager | <=8.1.1 | |
| Microsoft Windows | ||
| openSUSE Welcome | ||
| Red Hat Enterprise Linux | ||
| Hitachi Compute Systems Manager | <=7.6.1 | |
| Hitachi Compute Systems Manager | =8.0.0 | |
| Hitachi Compute Systems Manager | =8.1.0 | |
| Hitachi Compute Systems Manager | =8.1.1 | |
| Hitachi Global Link Manager | <=8.1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-1565?
CVE-2015-1565 is classified as a high severity vulnerability due to its potential for cross-site scripting attacks.
How do I fix CVE-2015-1565?
To mitigate CVE-2015-1565, upgrade to Hitachi Device Manager, Replication Manager, Tiered Storage Manager, Global Link Manager version 8.1.2-00 or later, and Compute Systems Manager version 7.6.1-08 or later.
Which versions are affected by CVE-2015-1565?
CVE-2015-1565 affects Hitachi Device Manager, Tiered Storage Manager, Replication Manager, and Global Link Manager versions prior to 8.1.2-00, and Compute Systems Manager versions prior to 7.6.1-08 and 8.x prior to 8.1.2-00.
Is CVE-2015-1565 exploitable remotely?
Yes, CVE-2015-1565 is exploitable remotely, allowing attackers to execute cross-site scripting attacks.
What kind of attacks can CVE-2015-1565 facilitate?
CVE-2015-1565 can facilitate cross-site scripting (XSS) attacks, potentially allowing attackers to steal session cookies or perform actions on behalf of users.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/severity
- agent/author
- agent/event
- agent/description
- agent/weakness
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/hitachi
- canonical/hitachi device manager
- version/hitachi device manager/8.1.1
- canonical/hitachi replication manager
- version/hitachi replication manager/8.1.1
- canonical/hitachi tiered storage manager
- version/hitachi tiered storage manager/8.1.1
- vendor/microsoft
- canonical/microsoft windows
- vendor/novell
- canonical/opensuse welcome
- vendor/redhat
- canonical/red hat enterprise linux
- canonical/hitachi compute systems manager
- version/hitachi compute systems manager/7.6.1
- version/hitachi compute systems manager/8.0.0
- version/hitachi compute systems manager/8.1.0
- version/hitachi compute systems manager/8.1.1
- canonical/hitachi global link manager
- version/hitachi global link manager/8.1.1