Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS Vector (NVD)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Description (CVE.org)
Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows. This issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13.
Analysis (AI)
Buffer overflow in Hitachi JP1/IT Desktop Management suite and Job Management Partner 1 software on Windows allows local authenticated users to cause denial of service by triggering memory corruption in affected manager and client components. The vulnerability spans multiple product lines and versions, with CVSS 5.5 indicating moderate local attack surface; active exploitation status not confirmed.
Technical Context (AI)
The vulnerability is classified as CWE-763 (Release of Invalid Pointer or Reference) and is described as a buffer overflow, a class of flaw that typically manifests when buffer handling logic fails to validate input boundaries before writing to memory. In this context, the affected Hitachi products (JP1/IT Desktop Management 2 Manager/Operations Director, JP1/IT Desktop Management Manager, JP1/NETM/DM Manager/Client, and Job Management Partner 1 Software Distribution Manager/Client) running on Windows are susceptible to memory corruption when processing untrusted input. The CVSS vector AV:L/AC:L/PR:L indicates a local attack vector with low complexity that requires low-privilege authenticated access, suggesting the flaw exists in inter-process communication, file parsing, or local API handling within these management and distribution platforms.
Remediation (AI)
Update to patched versions: JP1/IT Desktop Management 2 Manager/Operations Director to 13-50-02, 13-11-04, 13-10-07, 13-01-07, 13-00-05, or 12-60-12 depending on your current version; Job Management Partner 1/IT Desktop Management 2 Manager to 10-50-12 or later; JP1/IT Desktop Management Manager/Job Management Partner 1/IT Desktop Management Manager to 10-10-17 or later; JP1/NETM/DM Manager/Client to 10-20-03 or later; Job Management Partner 1/Software Distribution Manager/Client to 09-51-14 or later. Organizations should consult the Hitachi security advisory at https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2026-118/ for exact patch availability dates and detailed update procedures. Given the local-only attack vector, prioritize updating systems that support shared logins or host untrusted users; manager components should be updated first to prevent potential cascading impact on managed endpoints.
Same weakness CWE-763 – Release of Invalid Pointer or Reference
EUVD-2025-209257