EUVD-2025-209257

CVE-2025-65116 | MEDIUM | CVSS 3.1: 5.5
2026-04-07 Hitachi

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Lifecycle Timeline

EUVD ID Assigned: Apr 07, 2026 - 06:15 (euvd), EUVD-2025-209257
Analysis Generated: Apr 07, 2026 - 06:15 (vuln.today)
CVE Published: Apr 07, 2026 - 05:43 (nvd), MEDIUM 5.5

Description

Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows.

This issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13.

Analysis

Buffer overflow in Hitachi JP1/IT Desktop Management suite and Job Management Partner 1 software on Windows allows local authenticated users to cause denial of service by triggering memory corruption in affected manager and client components. The vulnerability spans multiple product lines and versions, with CVSS 5.5 indicating a moderate local attack surface; active exploitation has not been confirmed.

Technical Context

The vulnerability is rooted in CWE-763 (Assertion with Side Effects), which typically manifests when buffer handling logic fails to properly validate input boundaries before writing to memory regions. In this context, the affected Hitachi products (JP1/IT Desktop Management 2 Manager/Operations Director, JP1/IT Desktop Management Manager, JP1/NETM/DM Manager/Client, and Job Management Partner 1 Software Distribution Manager/Client) running on Windows are susceptible to memory corruption when processing untrusted input. The CVSS vector AV:L/AC:L/PR:L indicates local attack vector with low complexity, requiring low-privilege authenticated access, suggesting the flaw exists in inter-process communication, file parsing, or local API handling within these management and distribution platforms.

Affected Products

JP1/IT Desktop Management 2 Manager is affected in versions 13-50 before 13-50-02, 13-11 before 13-11-04, 13-10 before 13-10-07, 13-01 before 13-01-07, 13-00 before 13-00-05, 12-60 before 12-60-12, and 10-50 through 12-50-11. JP1/IT Desktop Management 2 Operations Director has identical version ranges. Job Management Partner 1/IT Desktop Management 2 Manager is vulnerable in versions 10-50 through 10-50-11. JP1/IT Desktop Management Manager and Job Management Partner 1/IT Desktop Management Manager are affected from version 09-50 through 10-10-16. JP1/NETM/DM Manager and JP1/NETM/DM Client are vulnerable from version 09-00 through 10-20-02. Job Management Partner 1/Software Distribution Manager and Client are affected from version 09-00 through 09-51-13. All affected products run on Windows platforms. See Hitachi security advisory hitachi-sec-2026-118 for complete version-specific details.
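To triage an inventory against the ranges listed above, the following added example (not code from Hitachi or vuln.today) encodes them and flags affected installs. It assumes version strings are purely numeric `VV-RR` or `VV-RR-SS`, that a missing `SS` means `00`, and the host names and inventory rows are constructed.

```python
import re

# Ranges transcribed from this page as (low, high, high_is_inclusive):
# "from X before Y" excludes Y, "from X through Y" includes Y.
ITDM2 = [("13-50", "13-50-02", False), ("13-11", "13-11-04", False),
         ("13-10", "13-10-07", False), ("13-01", "13-01-07", False),
         ("13-00", "13-00-05", False), ("12-60", "12-60-12", False),
         ("10-50", "12-50-11", True)]
AFFECTED = {
    "JP1/IT Desktop Management 2 - Manager": ITDM2,
    "JP1/IT Desktop Management 2 - Operations Director": ITDM2,
    "Job Management Partner 1/IT Desktop Management 2 - Manager": [("10-50", "10-50-11", True)],
    "JP1/IT Desktop Management - Manager": [("09-50", "10-10-16", True)],
    "Job Management Partner 1/IT Desktop Management - Manager": [("09-50", "10-10-16", True)],
    "JP1/NETM/DM Manager": [("09-00", "10-20-02", True)],
    "JP1/NETM/DM Client": [("09-00", "10-20-02", True)],
    "Job Management Partner 1/Software Distribution Manager": [("09-00", "09-51-13", True)],
    "Job Management Partner 1/Software Distribution Client": [("09-00", "09-51-13", True)],
}

def parse_version(text):
    """Parse 'VV-RR' or 'VV-RR-SS' into a 3-tuple (assumption: missing SS is 00)."""
    m = re.fullmatch(r"(\d{2})-(\d{2})(?:-(\d{2}))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def is_affected(product, version):
    """True if version lies in any affected range this page lists for product."""
    if product not in AFFECTED:
        raise KeyError(f"product not listed on this page: {product!r}")
    v = parse_version(version)
    for low, high, inclusive in AFFECTED[product]:
        lo, hi = parse_version(low), parse_version(high)
        if lo <= v and (v <= hi if inclusive else v < hi):
            return True
    return False

def triage(inventory):
    """Return sorted host names whose (product, version) is in an affected range."""
    return sorted(h for h, product, ver in inventory if is_affected(product, ver))

# Constructed sample inventory: (host, product, installed version).
SAMPLE = [("mgr-01", "JP1/IT Desktop Management 2 - Manager", "13-50-01"),
          ("mgr-02", "JP1/IT Desktop Management 2 - Manager", "13-50-02"),
          ("dm-07", "JP1/NETM/DM Client", "10-20-02"),
          ("dm-08", "JP1/NETM/DM Client", "10-20-03")]
```

Version strings that do not match the assumed numeric pattern raise `ValueError` rather than being silently treated as unaffected, so they surface for manual review against the vendor advisory.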

Remediation

Update to patched versions: JP1/IT Desktop Management 2 Manager/Operations Director to 13-50-02, 13-11-04, 13-10-07, 13-01-07, 13-00-05, or 12-60-12 depending on your current version; Job Management Partner 1/IT Desktop Management 2 Manager to 10-50-12 or later; JP1/IT Desktop Management Manager/Job Management Partner 1/IT Desktop Management Manager to 10-10-17 or later; JP1/NETM/DM Manager/Client to 10-20-03 or later; Job Management Partner 1/Software Distribution Manager/Client to 09-51-14 or later. Organizations should consult the Hitachi security advisory at https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2026-118/ for exact patch availability dates and detailed update procedures. Given the local-only attack vector, prioritize updating systems that support shared logins or host untrusted users; manager components should be updated first to prevent potential cascading impact on managed endpoints.

Priority Score

28 (KEV: 0, EPSS: +0.0, CVSS: +28, POC: 0)
