Search criteria
209 vulnerabilities by Hitachi
CVE-2025-66444 (GCVE-0-2025-66444)
Vulnerability from cvelistv5 – Published: 2025-12-24 04:53 – Updated: 2025-12-24 04:53
VLAI?
Title
Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer
Summary
Cross-site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component) and Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.5-00.
Severity ?
8.2 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Hitachi | Hitachi Infrastructure Analytics Advisor |
Affected:
0 , ≤ *
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Data Center Analytics"
],
"platforms": [
"Linux",
"64 bit"
],
"product": "Hitachi Infrastructure Analytics Advisor",
"vendor": "Hitachi",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Hitachi Ops Center Analyzer detail view"
],
"platforms": [
"Linux",
"64 bit"
],
"product": "Hitachi Ops Center Analyzer",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "11.0.5-00",
"status": "unaffected"
}
],
"lessThan": "11.0.5-00",
"status": "affected",
"version": "10.0.0-00",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component) and Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).\u003cp\u003eThis issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.5-00.\u003c/p\u003e"
}
],
"value": "Cross-site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component) and Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.5-00."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-24T04:53:34.752Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2025-133/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2025-133",
"discovery": "UNKNOWN"
},
"title": "Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2025-66444",
"datePublished": "2025-12-24T04:53:34.752Z",
"dateReserved": "2025-12-01T05:12:46.809Z",
"dateUpdated": "2025-12-24T04:53:34.752Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66445 (GCVE-0-2025-66445)
Vulnerability from cvelistv5 – Published: 2025-12-24 04:52 – Updated: 2025-12-24 04:52
VLAI?
Title
Authorization bypass vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer
Summary
Authorization bypass vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component) and Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.5-00.
Severity ?
7.1 (High)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Hitachi | Hitachi Infrastructure Analytics Advisor |
Affected:
0 , ≤ *
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Data Center Analytics"
],
"platforms": [
"Linux",
"64 bit"
],
"product": "Hitachi Infrastructure Analytics Advisor",
"vendor": "Hitachi",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Hitachi Ops Center Analyzer detail view"
],
"platforms": [
"Linux",
"64 bit"
],
"product": "Hitachi Ops Center Analyzer",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "11.0.5-00",
"status": "unaffected"
}
],
"lessThan": "11.0.5-00",
"status": "affected",
"version": "10.0.0-00",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authorization bypass vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component) and Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).\u003cp\u003eThis issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.5-00.\u003c/p\u003e"
}
],
"value": "Authorization bypass vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component) and Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.5-00."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-24T04:52:40.728Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2025-133/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2025-133",
"discovery": "UNKNOWN"
},
"title": "Authorization bypass vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2025-66445",
"datePublished": "2025-12-24T04:52:40.728Z",
"dateReserved": "2025-12-01T05:12:46.810Z",
"dateUpdated": "2025-12-24T04:52:40.728Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-3624 (GCVE-0-2025-3624)
Vulnerability from cvelistv5 – Published: 2025-05-16 06:42 – Updated: 2025-05-16 15:31
VLAI?
Title
Missing Authorization Vulnerability in Hitachi Ops Center Analyzer
Summary
Missing Authorization vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).This issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.4-00.
Severity ?
4.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hitachi | Hitachi Ops Center Analyzer |
Affected:
10.0.0-00 , < 11.0.4-00
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3624",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-16T15:31:40.783730Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-16T15:31:49.610Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Hitachi Ops Center Analyzer detail view"
],
"platforms": [
"Windows",
"Linux",
"64 bit"
],
"product": "Hitachi Ops Center Analyzer",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "11.0.4-00",
"status": "unaffected"
}
],
"lessThan": "11.0.4-00",
"status": "affected",
"version": "10.0.0-00",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).\u003cp\u003eThis issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.4-00.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).This issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.4-00."
}
],
"impacts": [
{
"capecId": "CAPEC-220",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-220 Client-Server Protocol Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-16T06:42:19.538Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2025-116/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2025-116",
"discovery": "UNKNOWN"
},
"title": "Missing Authorization Vulnerability in Hitachi Ops Center Analyzer",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2025-3624",
"datePublished": "2025-05-16T06:42:19.538Z",
"dateReserved": "2025-04-15T02:14:15.919Z",
"dateUpdated": "2025-05-16T15:31:49.610Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8201 (GCVE-0-2024-8201)
Vulnerability from cvelistv5 – Published: 2025-05-16 06:32 – Updated: 2025-05-16 15:32
VLAI?
Title
Cross-Site WebSocket Hijacking Vulnerability in Hitachi Ops Center Analyzer
Summary
Cross-Site WebSocket Hijacking vulnerability in Hitachi Ops Center Analyzer (RAID Agent component).This issue affects Hitachi Ops Center Analyzer: from 10.8.0-00 before 11.0.4-00; Hitachi Ops Center Analyzer: from 10.9.0-00 before 11.0.4-00.
Severity ?
5.4 (Medium)
CWE
- CWE-1385 - Missing Origin Validation in WebSockets
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Hitachi | Hitachi Ops Center Analyzer |
Affected:
10.8.0-00 , < 11.0.4-00
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8201",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-16T15:32:33.240487Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-16T15:32:48.874Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"RAID Agent"
],
"platforms": [
"Linux",
"64 bit"
],
"product": "Hitachi Ops Center Analyzer",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "11.0.4-00",
"status": "unaffected"
}
],
"lessThan": "11.0.4-00",
"status": "affected",
"version": "10.8.0-00",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"RAID Agent"
],
"platforms": [
"Windows"
],
"product": "Hitachi Ops Center Analyzer",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "11.0.4-00",
"status": "unaffected"
}
],
"lessThan": "11.0.4-00",
"status": "affected",
"version": "10.9.0-00",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site WebSocket Hijacking\u0026nbsp;vulnerability in Hitachi Ops Center Analyzer (RAID Agent component).\u003cp\u003eThis issue affects Hitachi Ops Center Analyzer: from 10.8.0-00 before 11.0.4-00; Hitachi Ops Center Analyzer: from 10.9.0-00 before 11.0.4-00.\u003c/p\u003e"
}
],
"value": "Cross-Site WebSocket Hijacking\u00a0vulnerability in Hitachi Ops Center Analyzer (RAID Agent component).This issue affects Hitachi Ops Center Analyzer: from 10.8.0-00 before 11.0.4-00; Hitachi Ops Center Analyzer: from 10.9.0-00 before 11.0.4-00."
}
],
"impacts": [
{
"capecId": "CAPEC-22",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-22 Exploiting Trust in Client"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1385",
"description": "CWE-1385 Missing Origin Validation in WebSockets",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-16T06:32:23.411Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2025-116/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2025-116",
"discovery": "UNKNOWN"
},
"title": "Cross-Site WebSocket Hijacking Vulnerability in Hitachi Ops Center Analyzer",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2024-8201",
"datePublished": "2025-05-16T06:32:23.411Z",
"dateReserved": "2024-08-27T04:53:33.648Z",
"dateUpdated": "2025-05-16T15:32:48.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1531 (GCVE-0-2025-1531)
Vulnerability from cvelistv5 – Published: 2025-05-16 06:17 – Updated: 2025-05-16 15:39
VLAI?
Title
Authentication credentials leakage vulnerability in Hitachi Ops Center Analyzer viewpoint OVF
Summary
Authentication credentials leakage vulnerability in Hitachi Ops Center Analyzer viewpoint.This issue affects Hitachi Ops Center Analyzer viewpoint: from 10.0.0-00 before 11.0.4-00.
Severity ?
6.5 (Medium)
CWE
- CWE-1392 - Use of Default Credentials
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hitachi | Hitachi Ops Center Analyzer viewpoint |
Affected:
10.0.0-00 , < 11.0.4-00
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1531",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-16T15:39:33.710414Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-16T15:39:46.559Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux",
"64 bit"
],
"product": "Hitachi Ops Center Analyzer viewpoint",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "11.0.4-00",
"status": "unaffected"
}
],
"lessThan": "11.0.4-00",
"status": "affected",
"version": "10.0.0-00",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authentication credentials leakage vulnerability in Hitachi Ops Center Analyzer viewpoint.\u003cp\u003eThis issue affects Hitachi Ops Center Analyzer viewpoint: from 10.0.0-00 before 11.0.4-00.\u003c/p\u003e"
}
],
"value": "Authentication credentials leakage vulnerability in Hitachi Ops Center Analyzer viewpoint.This issue affects Hitachi Ops Center Analyzer viewpoint: from 10.0.0-00 before 11.0.4-00."
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-114 Authentication Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1392",
"description": "CWE-1392 Use of Default Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-16T06:17:30.848Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2025-116/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2025-116",
"discovery": "UNKNOWN"
},
"title": "Authentication credentials leakage vulnerability in Hitachi Ops Center Analyzer viewpoint OVF",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2025-1531",
"datePublished": "2025-05-16T06:17:30.848Z",
"dateReserved": "2025-02-21T00:47:08.932Z",
"dateUpdated": "2025-05-16T15:39:46.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1245 (GCVE-0-2025-1245)
Vulnerability from cvelistv5 – Published: 2025-05-16 06:08 – Updated: 2025-05-16 15:40
VLAI?
Title
Bypass Connection Restriction Vulnerability in Hitachi Ops Center Analyzer
Summary
Bypass Connection Restriction vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component), Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.4-00.
Severity ?
6.5 (Medium)
CWE
- CWE-348 - Use of Less Trusted Source
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Hitachi | Hitachi Infrastructure Analytics Advisor |
Affected:
0 , ≤ *
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1245",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-16T15:40:09.928899Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-16T15:40:39.287Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Data Center Analytics"
],
"platforms": [
"Linux",
"64 bit"
],
"product": "Hitachi Infrastructure Analytics Advisor",
"vendor": "Hitachi",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Hitachi Ops Center Analyzer detail view"
],
"platforms": [
"Windows",
"Linux",
"64 bit"
],
"product": "Hitachi Ops Center Analyzer",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "11.0.4-00",
"status": "unaffected"
}
],
"lessThan": "11.0.4-00",
"status": "affected",
"version": "10.0.0-00",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Bypass Connection Restriction vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component), Hitachi Ops Center Analyzer\u0026nbsp; (Hitachi Ops Center Analyzer detail view component).\u003cp\u003eThis issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.4-00.\u003c/p\u003e"
}
],
"value": "Bypass Connection Restriction vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component), Hitachi Ops Center Analyzer\u00a0 (Hitachi Ops Center Analyzer detail view component).This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.4-00."
}
],
"impacts": [
{
"capecId": "CAPEC-554",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-554 Functionality Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-348",
"description": "CWE-348 Use of Less Trusted Source",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-16T06:08:03.008Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2025-116/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2025-116",
"discovery": "UNKNOWN"
},
"title": "Bypass Connection Restriction Vulnerability in Hitachi Ops Center Analyzer",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2025-1245",
"datePublished": "2025-05-16T06:08:03.008Z",
"dateReserved": "2025-02-12T09:03:17.810Z",
"dateUpdated": "2025-05-16T15:40:39.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27525 (GCVE-0-2025-27525)
Vulnerability from cvelistv5 – Published: 2025-05-15 06:45 – Updated: 2025-05-15 14:06
VLAI?
Title
Information Exposure vulnerability in JP1/IT Desktop Management 2 - Smart Device Manager
Summary
Information Exposure vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows.This issue affects JP1/IT Desktop Management 2 - Smart Device Manager: from 12-00 before 12-00-08, from 11-10 through 11-10-08, from 11-00 through 11-00-05, from 10-50 through 10-50-06.
Severity ?
CWE
- CWE-525 - Use of Web Browser Cache Containing Sensitive Information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hitachi | JP1/IT Desktop Management 2 - Smart Device Manager |
Affected:
12-00 , < 12-00-08
(custom)
Affected: 11-10 , ≤ 11-10-08 (custom) Affected: 11-00 , ≤ 11-00-05 (custom) Affected: 10-50 , ≤ 10-50-06 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27525",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-15T14:05:50.944114Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T14:06:02.849Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "JP1/IT Desktop Management 2 - Smart Device Manager",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "12-00-08",
"status": "unaffected"
}
],
"lessThan": "12-00-08",
"status": "affected",
"version": "12-00",
"versionType": "custom"
},
{
"lessThanOrEqual": "11-10-08",
"status": "affected",
"version": "11-10",
"versionType": "custom"
},
{
"lessThanOrEqual": "11-00-05",
"status": "affected",
"version": "11-00",
"versionType": "custom"
},
{
"lessThanOrEqual": "10-50-06",
"status": "affected",
"version": "10-50",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Information Exposure vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows.\u003cp\u003eThis issue affects JP1/IT Desktop Management 2 - Smart Device Manager: from 12-00 before 12-00-08, from 11-10 through 11-10-08, from 11-00 through 11-00-05, from 10-50 through 10-50-06.\u003c/p\u003e"
}
],
"value": "Information Exposure vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows.This issue affects JP1/IT Desktop Management 2 - Smart Device Manager: from 12-00 before 12-00-08, from 11-10 through 11-10-08, from 11-00 through 11-00-05, from 10-50 through 10-50-06."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-525",
"description": "CWE-525 Use of Web Browser Cache Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T06:45:58.849Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2025-115/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2025-115",
"discovery": "UNKNOWN"
},
"title": "Information Exposure vulnerability in JP1/IT Desktop Management 2 - Smart Device Manager",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2025-27525",
"datePublished": "2025-05-15T06:45:58.849Z",
"dateReserved": "2025-02-27T06:49:23.057Z",
"dateUpdated": "2025-05-15T14:06:02.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27524 (GCVE-0-2025-27524)
Vulnerability from cvelistv5 – Published: 2025-05-15 06:27 – Updated: 2025-05-15 14:09
VLAI?
Title
Weak encryption vulnerability in JP1/IT Desktop Management 2 - Smart Device Manager
Summary
Weak encryption vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows.This issue affects JP1/IT Desktop Management 2 - Smart Device Manager: from 12-00 before 12-00-08, from 11-10 through 11-10-08, from 11-00 through 11-00-05, from 10-50 through 10-50-06.
Severity ?
5.3 (Medium)
CWE
- CWE-326 - Inadequate Encryption Strength
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hitachi | JP1/IT Desktop Management 2 - Smart Device Manager |
Affected:
12-00 , < 12-00-08
(custom)
Affected: 11-10 , ≤ 11-10-08 (custom) Affected: 11-00 , ≤ 11-00-05 (custom) Affected: 10-50 , ≤ 10-50-06 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27524",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-15T14:09:18.489783Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T14:09:59.450Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "JP1/IT Desktop Management 2 - Smart Device Manager",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "12-00-08",
"status": "unaffected"
}
],
"lessThan": "12-00-08",
"status": "affected",
"version": "12-00",
"versionType": "custom"
},
{
"lessThanOrEqual": "11-10-08",
"status": "affected",
"version": "11-10",
"versionType": "custom"
},
{
"lessThanOrEqual": "11-00-05",
"status": "affected",
"version": "11-00",
"versionType": "custom"
},
{
"lessThanOrEqual": "10-50-06",
"status": "affected",
"version": "10-50",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Weak encryption vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows.\u003cp\u003eThis issue affects JP1/IT Desktop Management 2 - Smart Device Manager: from 12-00 before 12-00-08, from 11-10 through 11-10-08, from 11-00 through 11-00-05, from 10-50 through 10-50-06.\u003c/p\u003e"
}
],
"value": "Weak encryption vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows.This issue affects JP1/IT Desktop Management 2 - Smart Device Manager: from 12-00 before 12-00-08, from 11-10 through 11-10-08, from 11-00 through 11-00-05, from 10-50 through 10-50-06."
}
],
"impacts": [
{
"capecId": "CAPEC-192",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-192 Protocol Analysis"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-326",
"description": "CWE-326 Inadequate Encryption Strength",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T06:27:32.686Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2025-115/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2025-115",
"discovery": "UNKNOWN"
},
"title": "Weak encryption vulnerability in JP1/IT Desktop Management 2 - Smart Device Manager",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2025-27524",
"datePublished": "2025-05-15T06:27:32.686Z",
"dateReserved": "2025-02-27T06:49:23.056Z",
"dateUpdated": "2025-05-15T14:09:59.450Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27523 (GCVE-0-2025-27523)
Vulnerability from cvelistv5 – Published: 2025-05-15 06:22 – Updated: 2025-05-15 15:53
VLAI?
Title
XXE vulnerability in JP1/IT Desktop Management 2 - Smart Device Manager
Summary
XXE vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows.This issue affects JP1/IT Desktop Management 2 - Smart Device Manager: from 12-00 before 12-00-08, from 11-10 through 11-10-08, from 11-00 through 11-00-05, from 10-50 through 10-50-06.
Severity ?
8.7 (High)
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hitachi | JP1/IT Desktop Management 2 - Smart Device Manager |
Affected:
12-00 , < 12-00-08
(custom)
Affected: 11-10 , ≤ 11-10-08 (custom) Affected: 11-00 , ≤ 11-00-05 (custom) Affected: 10-50 , ≤ 10-50-06 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27523",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-15T15:53:33.512614Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T15:53:51.556Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "JP1/IT Desktop Management 2 - Smart Device Manager",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "12-00-08",
"status": "unaffected"
}
],
"lessThan": "12-00-08",
"status": "affected",
"version": "12-00",
"versionType": "custom"
},
{
"lessThanOrEqual": "11-10-08",
"status": "affected",
"version": "11-10",
"versionType": "custom"
},
{
"lessThanOrEqual": "11-00-05",
"status": "affected",
"version": "11-00",
"versionType": "custom"
},
{
"lessThanOrEqual": "10-50-06",
"status": "affected",
"version": "10-50",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "XXE vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows.\u003cp\u003eThis issue affects JP1/IT Desktop Management 2 - Smart Device Manager: from 12-00 before 12-00-08, from 11-10 through 11-10-08, from 11-00 through 11-00-05, from 10-50 through 10-50-06.\u003c/p\u003e"
}
],
"value": "XXE vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows.This issue affects JP1/IT Desktop Management 2 - Smart Device Manager: from 12-00 before 12-00-08, from 11-10 through 11-10-08, from 11-00 through 11-00-05, from 10-50 through 10-50-06."
}
],
"impacts": [
{
"capecId": "CAPEC-221",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-221 Data Serialization External Entities Blowup"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T06:22:09.764Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2025-115/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2025-115",
"discovery": "UNKNOWN"
},
"title": "XXE vulnerability in JP1/IT Desktop Management 2 - Smart Device Manager",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2025-27523",
"datePublished": "2025-05-15T06:22:09.764Z",
"dateReserved": "2025-02-27T06:49:23.056Z",
"dateUpdated": "2025-05-15T15:53:51.556Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-46899 (GCVE-0-2024-46899)
Vulnerability from cvelistv5 – Published: 2025-04-22 04:12 – Updated: 2025-04-22 13:24
VLAI?
Title
Authentication credentials leakage vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center Analyzer viewpoint OVF
Summary
Hitachi Ops Center Common Services within Hitachi Ops Center Analyzer viewpoint OVF contains an authentication credentials leakage vulnerability.This issue affects Hitachi Ops Center Common Services: from 10.0.0-00 before 11.0.0-04; Hitachi Ops Center Analyzer viewpoint OVF: from 10.0.0-00 before 11.0.0-04.
Severity ?
7.1 (High)
CWE
- CWE-1392 - Use of Default Credentials
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Hitachi | Hitachi Ops Center Common Services |
Affected:
10.0.0-00 , < 11.0.0-04
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46899",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T13:24:11.598018Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T13:24:20.750Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Hitachi Ops Center Common Services",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "11.0.0-04",
"status": "unaffected"
}
],
"lessThan": "11.0.0-04",
"status": "affected",
"version": "10.0.0-00",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Hitachi Ops Center Analyzer viewpoint OVF",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "11.0.4-00",
"status": "unaffected"
}
],
"lessThan": "11.0.0-04",
"status": "affected",
"version": "10.0.0-00",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Hitachi Ops Center Common Services within Hitachi Ops Center Analyzer viewpoint OVF contains an authentication credentials leakage vulnerability.\u003cp\u003eThis issue affects Hitachi Ops Center Common Services: from 10.0.0-00 before 11.0.0-04; Hitachi Ops Center Analyzer viewpoint OVF: from 10.0.0-00 before 11.0.0-04.\u003c/p\u003e"
}
],
"value": "Hitachi Ops Center Common Services within Hitachi Ops Center Analyzer viewpoint OVF contains an authentication credentials leakage vulnerability.This issue affects Hitachi Ops Center Common Services: from 10.0.0-00 before 11.0.0-04; Hitachi Ops Center Analyzer viewpoint OVF: from 10.0.0-00 before 11.0.0-04."
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-114 Authentication Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1392",
"description": "CWE-1392 Use of Default Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T04:12:56.387Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2025-111/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2025-111",
"discovery": "UNKNOWN"
},
"title": "Authentication credentials leakage vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center Analyzer viewpoint OVF",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2024-46899",
"datePublished": "2025-04-22T04:12:56.387Z",
"dateReserved": "2024-10-22T04:20:15.324Z",
"dateUpdated": "2025-04-22T13:24:20.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2300 (GCVE-0-2025-2300)
Vulnerability from cvelistv5 – Published: 2025-04-22 04:12 – Updated: 2025-04-22 13:24
VLAI?
Title
Information exposure vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center OVA
Summary
Hitachi Ops Center Common Services within Hitachi Ops Center OVA contains an information exposure vulnerability.
This issue affects Hitachi Ops Center Common Services: from 11.0.3-00 before 11.0.4-00.
Severity ?
5.5 (Medium)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hitachi | Hitachi Ops Center Common Services |
Affected:
11.0.3-00 , < 11.0.4-00
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2300",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T13:24:48.746240Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T13:24:55.944Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hitachi Ops Center Common Services",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "11.0.4-00",
"status": "unaffected"
}
],
"lessThan": "11.0.4-00",
"status": "affected",
"version": "11.0.3-00",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Hitachi Ops Center Common Services within Hitachi Ops Center OVA contains an information exposure vulnerability.\u003cbr\u003e\u003cp\u003eThis issue affects Hitachi Ops Center Common Services: from 11.0.3-00 before 11.0.4-00.\u003c/p\u003e"
}
],
"value": "Hitachi Ops Center Common Services within Hitachi Ops Center OVA contains an information exposure vulnerability.\nThis issue affects Hitachi Ops Center Common Services: from 11.0.3-00 before 11.0.4-00."
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-114 Authentication Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T04:12:41.660Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2025-112/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2025-112",
"discovery": "UNKNOWN"
},
"title": "Information exposure vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center OVA",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2025-2300",
"datePublished": "2025-04-22T04:12:41.660Z",
"dateReserved": "2025-03-14T01:39:43.295Z",
"dateUpdated": "2025-04-22T13:24:55.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-57964 (GCVE-0-2024-57964)
Vulnerability from cvelistv5 – Published: 2025-02-18 06:33 – Updated: 2025-02-18 15:50 Unsupported When Assigned
VLAI?
Title
Insecure Loading of Dynamic Link Libraries in HVAC Energy Saving Program
Summary
Insecure Loading of Dynamic Link Libraries have been discovered in HVAC Energy Saving Program, which could allow local attackers to potentially disclose information or execute arbitray code on affected systems.
This issue affects HVAC Energy Saving Program:.
Severity ?
7.3 (High)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hitachi | HVAC Energy Saving Program |
Affected:
0 , ≤ *
(custom)
|
Credits
Sahil Shah
Shaurya
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-57964",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T15:50:48.506333Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T15:50:58.867Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "HVAC Energy Saving Program",
"vendor": "Hitachi",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sahil Shah"
},
{
"lang": "en",
"type": "finder",
"value": "Shaurya"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insecure Loading of Dynamic Link Libraries have been discovered in HVAC Energy Saving Program, which could allow local attackers to potentially disclose information or execute arbitray code on affected systems.\u003cbr\u003e\u003cp\u003eThis issue affects HVAC Energy Saving Program:.\u003c/p\u003e"
}
],
"value": "Insecure Loading of Dynamic Link Libraries have been discovered in HVAC Energy Saving Program, which could allow local attackers to potentially disclose information or execute arbitray code on affected systems.\nThis issue affects HVAC Energy Saving Program:."
}
],
"impacts": [
{
"capecId": "CAPEC-471",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-471 Search Order Hijacking"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T06:33:57.761Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/hirt/hitachi-sec/2025/001.html"
}
],
"source": {
"advisory": "hitachi-sec-2025-001",
"discovery": "EXTERNAL"
},
"tags": [
"unsupported-when-assigned"
],
"title": "Insecure Loading of Dynamic Link Libraries in HVAC Energy Saving Program",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2024-57964",
"datePublished": "2025-02-18T06:33:57.761Z",
"dateReserved": "2025-01-29T07:37:45.731Z",
"dateUpdated": "2025-02-18T15:50:58.867Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-57963 (GCVE-0-2024-57963)
Vulnerability from cvelistv5 – Published: 2025-02-18 06:33 – Updated: 2025-02-18 15:51 Unsupported When Assigned
VLAI?
Title
Insecure Loading of Dynamic Link Libraries in USB-CONVERTERCABLE DRIVER
Summary
Insecure Loading of Dynamic Link Libraries have been discovered in USB-CONVERTERCABLE DRIVER, which could allow local attackers to potentially disclose information or execute arbitray code on affected systems.
This issue affects USB-CONVERTERCABLE DRIVER:.
Severity ?
7.3 (High)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hitachi | USB-CONVERTERCABLE DRIVER |
Affected:
0 , ≤ *
(custom)
|
Credits
Sahil Shah
Shaurya
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-57963",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T15:51:21.689667Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T15:51:30.918Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "USB-CONVERTERCABLE DRIVER",
"vendor": "Hitachi",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sahil Shah"
},
{
"lang": "en",
"type": "finder",
"value": "Shaurya"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insecure Loading of Dynamic Link Libraries have been discovered in USB-CONVERTERCABLE DRIVER, which could allow local attackers to potentially disclose information or execute arbitray code on affected systems.\u003cbr\u003e\u003cp\u003eThis issue affects USB-CONVERTERCABLE DRIVER:.\u003c/p\u003e"
}
],
"value": "Insecure Loading of Dynamic Link Libraries have been discovered in USB-CONVERTERCABLE DRIVER, which could allow local attackers to potentially disclose information or execute arbitray code on affected systems.\nThis issue affects USB-CONVERTERCABLE DRIVER:."
}
],
"impacts": [
{
"capecId": "CAPEC-471",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-471 Search Order Hijacking"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T06:33:02.885Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/hirt/hitachi-sec/2025/001.html"
}
],
"source": {
"advisory": "hitachi-sec-2025-001",
"discovery": "EXTERNAL"
},
"tags": [
"unsupported-when-assigned"
],
"title": "Insecure Loading of Dynamic Link Libraries in USB-CONVERTERCABLE DRIVER",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2024-57963",
"datePublished": "2025-02-18T06:33:02.885Z",
"dateReserved": "2025-01-29T07:37:45.730Z",
"dateUpdated": "2025-02-18T15:51:30.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10205 (GCVE-0-2024-10205)
Vulnerability from cvelistv5 – Published: 2024-12-17 01:16 – Updated: 2024-12-17 14:57
VLAI?
Title
Authorization bypass vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer
Summary
Authentication Bypass
vulnerability in Hitachi Ops Center Analyzer on Linux, 64 bit (Hitachi Ops Center Analyzer detail view component), Hitachi Infrastructure Analytics Advisor on Linux, 64 bit (Hitachi Data Center Analytics
component
).This issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.3-00; Hitachi Infrastructure Analytics Advisor: from 2.1.0-00 through 4.4.0-00.
Severity ?
9.4 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Hitachi | Hitachi Ops Center Analyzer |
Affected:
10.0.0-00 , < 11.0.3-00
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10205",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-17T14:56:22.276629Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-17T14:57:23.929Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Hitachi Ops Center Analyzer detail view"
],
"platforms": [
"Linux",
"64 bit"
],
"product": "Hitachi Ops Center Analyzer",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "11.0.3-00",
"status": "unaffected"
}
],
"lessThan": "11.0.3-00",
"status": "affected",
"version": "10.0.0-00",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Hitachi Data Center Analytics"
],
"platforms": [
"Linux",
"64 bit"
],
"product": "Hitachi Infrastructure Analytics Advisor",
"vendor": "Hitachi",
"versions": [
{
"lessThanOrEqual": "4.4.0-00",
"status": "affected",
"version": "2.1.0-00",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAuthentication Bypass\u003c/span\u003e\nvulnerability in Hitachi Ops Center Analyzer on Linux, 64 bit (Hitachi Ops Center Analyzer detail view component), Hitachi Infrastructure Analytics Advisor on Linux, 64 bit (Hitachi Data Center Analytics \n\ncomponent\n\n).\u003cp\u003eThis issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.3-00; Hitachi Infrastructure Analytics Advisor: from 2.1.0-00 through 4.4.0-00.\u003c/p\u003e"
}
],
"value": "Authentication Bypass\nvulnerability in Hitachi Ops Center Analyzer on Linux, 64 bit (Hitachi Ops Center Analyzer detail view component), Hitachi Infrastructure Analytics Advisor on Linux, 64 bit (Hitachi Data Center Analytics \n\ncomponent\n\n).This issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.3-00; Hitachi Infrastructure Analytics Advisor: from 2.1.0-00 through 4.4.0-00."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-17T01:16:19.301Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-151/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2024-151",
"discovery": "UNKNOWN"
},
"title": "Authorization bypass vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2024-10205",
"datePublished": "2024-12-17T01:16:19.301Z",
"dateReserved": "2024-10-21T09:03:32.235Z",
"dateUpdated": "2024-12-17T14:57:23.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45068 (GCVE-0-2024-45068)
Vulnerability from cvelistv5 – Published: 2024-12-03 02:32 – Updated: 2024-12-03 15:54
VLAI?
Title
Authentication credentials leakage vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center OVA
Summary
Authentication credentials leakage vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center OVA.
This issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.3-00; Hitachi Ops Center OVA: from 10.9.3-00 before 11.0.2-01.
Severity ?
7.1 (High)
CWE
- CWE-1392 - Use of Default Credentials
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Hitachi | Hitachi Ops Center Common Services |
Affected:
10.9.3-00 , < 11.0.3-00
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hitachi:ops_center_ova:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ops_center_ova",
"vendor": "hitachi",
"versions": [
{
"lessThan": "11.0.2-01",
"status": "affected",
"version": "10.9.3-00",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:hitachi:ops_center_common_services:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ops_center_common_services",
"vendor": "hitachi",
"versions": [
{
"lessThan": "11.0.3-00",
"status": "affected",
"version": "10.9.3-00",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45068",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-03T14:30:59.837741Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T15:54:53.646Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Hitachi Ops Center Common Services",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "11.0.3-00",
"status": "unaffected"
}
],
"lessThan": "11.0.3-00",
"status": "affected",
"version": "10.9.3-00",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Hitachi Ops Center OVA",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "11.0.2-01",
"status": "unaffected"
}
],
"lessThan": "11.0.2-01",
"status": "affected",
"version": "10.9.3-00",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAuthentication credentials leakage vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center OVA.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.3-00; Hitachi Ops Center OVA: from 10.9.3-00 before 11.0.2-01.\u003c/p\u003e"
}
],
"value": "Authentication credentials leakage vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center OVA.\n\n\nThis issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.3-00; Hitachi Ops Center OVA: from 10.9.3-00 before 11.0.2-01."
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-114 Authentication Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1392",
"description": "CWE-1392 Use of Default Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T02:32:03.225Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-149/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2024-149",
"discovery": "UNKNOWN"
},
"title": "Authentication credentials leakage vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center OVA",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2024-45068",
"datePublished": "2024-12-03T02:32:03.225Z",
"dateReserved": "2024-10-22T04:20:15.307Z",
"dateUpdated": "2024-12-03T15:54:53.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7125 (GCVE-0-2024-7125)
Vulnerability from cvelistv5 – Published: 2024-08-27 04:15 – Updated: 2024-08-28 14:17
VLAI?
Title
Authentication Bypass Vulnerability in Hitachi Ops Center Common Services
Summary
Authentication Bypass vulnerability in Hitachi Ops Center Common Services.This issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.2-01.
Severity ?
7.8 (High)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hitachi | Hitachi Ops Center Common Services |
Affected:
10.9.3-00 , < 11.0.2-01
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hitachi:ops_center_common_services:10.9.3-00:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ops_center_common_services",
"vendor": "hitachi",
"versions": [
{
"lessThan": "11.0.2-01",
"status": "affected",
"version": "10.9.3-00",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7125",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T14:16:17.603187Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T14:17:22.156Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hitachi Ops Center Common Services",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "11.0.2-01",
"status": "unaffected"
}
],
"lessThan": "11.0.2-01",
"status": "affected",
"version": "10.9.3-00",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authentication Bypass vulnerability in Hitachi Ops Center Common Services.\u003cp\u003eThis issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.2-01.\u003c/p\u003e"
}
],
"value": "Authentication Bypass vulnerability in Hitachi Ops Center Common Services.This issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.2-01."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-27T04:15:15.774Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-143/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2024-143",
"discovery": "UNKNOWN"
},
"title": "Authentication Bypass Vulnerability in Hitachi Ops Center Common Services",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2024-7125",
"datePublished": "2024-08-27T04:15:15.774Z",
"dateReserved": "2024-07-26T09:21:02.356Z",
"dateUpdated": "2024-08-28T14:17:22.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5828 (GCVE-0-2024-5828)
Vulnerability from cvelistv5 – Published: 2024-08-06 02:21 – Updated: 2024-08-06 15:40
VLAI?
Title
EL Injection Vulnerability in Hitachi Tuning Manager
Summary
Expression Language Injection vulnerability in Hitachi Tuning Manager on Windows, Linux, Solaris allows Code Injection.This issue affects Hitachi Tuning Manager: before 8.8.7-00.
Severity ?
8.6 (High)
CWE
- CWE-917 - Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hitachi | Hitachi Tuning Manager |
Affected:
0 , < 8.8.7-00
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hitachi:tuning_manager:*:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "tuning_manager",
"vendor": "hitachi",
"versions": [
{
"lessThan": "8.8.7-00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:hitachi:tuning_manager:*:*:*:*:*:linux_kernel:*:*"
],
"defaultStatus": "unknown",
"product": "tuning_manager",
"vendor": "hitachi",
"versions": [
{
"lessThan": "8.8.7-00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:hitachi:tuning_manager:*:*:*:*:*:solaris:*:*"
],
"defaultStatus": "unknown",
"product": "tuning_manager",
"vendor": "hitachi",
"versions": [
{
"lessThan": "8.8.7-00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5828",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T15:32:14.077410Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T15:40:42.761Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux",
"Solaris"
],
"product": "Hitachi Tuning Manager",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "8.8.7-00",
"status": "unaffected"
}
],
"lessThan": "8.8.7-00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Expression Language Injection vulnerability in Hitachi Tuning Manager on Windows, Linux, Solaris allows Code Injection.\u003cp\u003eThis issue affects Hitachi Tuning Manager: before 8.8.7-00.\u003c/p\u003e"
}
],
"value": "Expression Language Injection vulnerability in Hitachi Tuning Manager on Windows, Linux, Solaris allows Code Injection.This issue affects Hitachi Tuning Manager: before 8.8.7-00."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-917",
"description": "CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement (\u0027Expression Language Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T02:21:38.553Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-140/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2024-140",
"discovery": "UNKNOWN"
},
"title": "EL Injection Vulnerability in Hitachi Tuning Manager",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2024-5828",
"datePublished": "2024-08-06T02:21:38.553Z",
"dateReserved": "2024-06-11T01:34:48.734Z",
"dateUpdated": "2024-08-06T15:40:42.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5963 (GCVE-0-2024-5963)
Vulnerability from cvelistv5 – Published: 2024-08-06 02:19 – Updated: 2024-08-08 15:31
VLAI?
Title
An unquoted executable path exists in Hitachi Device Manager
Summary
Unquoted Executable Path vulnerability in Hitachi Device Manager on Windows (Device Manager Server component).This issue affects Hitachi Device Manager: before 8.8.7-00.
Severity ?
6.7 (Medium)
CWE
- CWE-428 - Unquoted Search Path or Element
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hitachi | Hitachi Device Manager |
Affected:
0 , < 8.8.7-00
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hitachi:device_manager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "device_manager",
"vendor": "hitachi",
"versions": [
{
"lessThan": "8.8.7-00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5963",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-08T15:13:22.689547Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T15:31:12.012Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Device Manager Server"
],
"platforms": [
"Windows"
],
"product": "Hitachi Device Manager",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "8.8.7-00",
"status": "unaffected"
}
],
"lessThan": "8.8.7-00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unquoted Executable Path vulnerability in Hitachi Device Manager on Windows (Device Manager Server component).\u003cp\u003eThis issue affects Hitachi Device Manager: before 8.8.7-00.\u003c/p\u003e"
}
],
"value": "Unquoted Executable Path vulnerability in Hitachi Device Manager on Windows (Device Manager Server component).This issue affects Hitachi Device Manager: before 8.8.7-00."
}
],
"impacts": [
{
"capecId": "CAPEC-551",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-551 Modify Existing Service"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428 Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T02:19:41.244Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-135/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2024-135",
"discovery": "UNKNOWN"
},
"title": "An unquoted executable path exists in Hitachi Device Manager",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2024-5963",
"datePublished": "2024-08-06T02:19:41.244Z",
"dateReserved": "2024-06-13T11:23:28.925Z",
"dateUpdated": "2024-08-08T15:31:12.012Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2819 (GCVE-0-2024-2819)
Vulnerability from cvelistv5 – Published: 2024-07-02 01:53 – Updated: 2024-08-01 19:25
VLAI?
Title
File Permission Vulnerability in Hitachi Ops Center Common Services
Summary
Incorrect Default Permissions, Improper Preservation of Permissions vulnerability in Hitachi Ops Center Common Services allows File Manipulation.This issue affects Hitachi Ops Center Common Services: before 11.0.2-00.
Severity ?
5.1 (Medium)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hitachi | Hitachi Ops Center Common Services |
Affected:
0 , < 11.0.2-00
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2819",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-02T18:19:58.248604Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T18:20:06.592Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:25:41.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-132/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hitachi Ops Center Common Services",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "11.0.2-00",
"status": "unaffected"
}
],
"lessThan": "11.0.2-00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect Default Permissions, Improper Preservation of Permissions vulnerability in Hitachi Ops Center Common Services allows File Manipulation.\u003cp\u003eThis issue affects Hitachi Ops Center Common Services: before 11.0.2-00.\u003c/p\u003e"
}
],
"value": "Incorrect Default Permissions, Improper Preservation of Permissions vulnerability in Hitachi Ops Center Common Services allows File Manipulation.This issue affects Hitachi Ops Center Common Services: before 11.0.2-00."
}
],
"impacts": [
{
"capecId": "CAPEC-165",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-165 File Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-281",
"description": "CWE-281 Improper Preservation of Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T01:53:44.982Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-132/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2024-132",
"discovery": "UNKNOWN"
},
"title": "File Permission Vulnerability in Hitachi Ops Center Common Services",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2024-2819",
"datePublished": "2024-07-02T01:53:44.982Z",
"dateReserved": "2024-03-22T06:56:51.487Z",
"dateUpdated": "2024-08-01T19:25:41.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4679 (GCVE-0-2024-4679)
Vulnerability from cvelistv5 – Published: 2024-07-02 01:51 – Updated: 2024-08-01 20:47
VLAI?
Title
Folder Permission Vulnerability in JP1/Extensible SNMP Agent
Summary
Incorrect Default Permissions vulnerability in Hitachi JP1/Extensible SNMP Agent for Windows, Hitachi JP1/Extensible SNMP Agent on Windows, Hitachi Job Management Partner1/Extensible SNMP Agent on Windows allows File Manipulation.This issue affects JP1/Extensible SNMP Agent for Windows: from 12-00 before 12-00-01, from 11-00 through 11-00-*; JP1/Extensible SNMP Agent: from 10-10 through 10-10-01, from 10-00 through 10-00-02, from 09-00 through 09-00-04; Job Management Partner1/Extensible SNMP Agent: from 10-10 through 10-10-01, from 10-00 through 10-00-02, from 09-00 through 09-00-04.
Severity ?
7.8 (High)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Hitachi | JP1/Extensible SNMP Agent for Windows |
Affected:
12-00 , < 12-00-01
(custom)
Affected: 11-00 , ≤ 11-00-* (custom) |
||||||||||||
|
||||||||||||||
Credits
Shun Suzaki
Yutaka Kokubu
Kazuki Hirota
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hitachi:jp1\\/extensible_snmp_agent:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "jp1\\/extensible_snmp_agent",
"vendor": "hitachi",
"versions": [
{
"lessThanOrEqual": "10-10-01",
"status": "affected",
"version": "10-10",
"versionType": "custom"
},
{
"lessThanOrEqual": "10-00-02",
"status": "affected",
"version": "10-00",
"versionType": "custom"
},
{
"lessThanOrEqual": "9-00-04",
"status": "affected",
"version": "9-00",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:hitachi:job_management_partner1\\/extensible_snmp_agent:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "job_management_partner1\\/extensible_snmp_agent",
"vendor": "hitachi",
"versions": [
{
"lessThanOrEqual": "10-10-01",
"status": "affected",
"version": "10-10",
"versionType": "custom"
},
{
"lessThanOrEqual": "10-00-02",
"status": "affected",
"version": "10-00",
"versionType": "custom"
},
{
"lessThanOrEqual": "9-00-04",
"status": "affected",
"version": "9-00",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:hitachi:jp1\\/extensible_snmp_agent:*:*:*:*:*:windows:*:*"
],
"defaultStatus": "unknown",
"product": "jp1/extensible_snmp_agent",
"vendor": "hitachi",
"versions": [
{
"lessThan": "12-00-01",
"status": "affected",
"version": "12-00",
"versionType": "custom"
},
{
"status": "affected",
"version": "11-00"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4679",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-02T19:38:53.028845Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T15:31:54.398Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:47:41.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-127/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "JP1/Extensible SNMP Agent for Windows",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "12-00-01",
"status": "unaffected"
}
],
"lessThan": "12-00-01",
"status": "affected",
"version": "12-00",
"versionType": "custom"
},
{
"lessThanOrEqual": "11-00-*",
"status": "affected",
"version": "11-00",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "JP1/Extensible SNMP Agent",
"vendor": "Hitachi",
"versions": [
{
"lessThanOrEqual": "10-10-01",
"status": "affected",
"version": "10-10",
"versionType": "custom"
},
{
"lessThanOrEqual": "10-00-02",
"status": "affected",
"version": "10-00",
"versionType": "custom"
},
{
"lessThanOrEqual": "09-00-04",
"status": "affected",
"version": "09-00",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Job Management Partner1/Extensible SNMP Agent",
"vendor": "Hitachi",
"versions": [
{
"lessThanOrEqual": "10-10-01",
"status": "affected",
"version": "10-10",
"versionType": "custom"
},
{
"lessThanOrEqual": "10-00-02",
"status": "affected",
"version": "10-00",
"versionType": "custom"
},
{
"lessThanOrEqual": "09-00-04",
"status": "affected",
"version": "09-00",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Shun Suzaki"
},
{
"lang": "en",
"type": "finder",
"value": "Yutaka Kokubu"
},
{
"lang": "en",
"type": "finder",
"value": "Kazuki Hirota"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect Default Permissions vulnerability in Hitachi JP1/Extensible SNMP Agent for Windows, Hitachi JP1/Extensible SNMP Agent on Windows, Hitachi Job Management Partner1/Extensible SNMP Agent on Windows allows File Manipulation.\u003cp\u003eThis issue affects JP1/Extensible SNMP Agent for Windows: from 12-00 before 12-00-01, from 11-00 through 11-00-*; JP1/Extensible SNMP Agent: from 10-10 through 10-10-01, from 10-00 through 10-00-02, from 09-00 through 09-00-04; Job Management Partner1/Extensible SNMP Agent: from 10-10 through 10-10-01, from 10-00 through 10-00-02, from 09-00 through 09-00-04.\u003c/p\u003e"
}
],
"value": "Incorrect Default Permissions vulnerability in Hitachi JP1/Extensible SNMP Agent for Windows, Hitachi JP1/Extensible SNMP Agent on Windows, Hitachi Job Management Partner1/Extensible SNMP Agent on Windows allows File Manipulation.This issue affects JP1/Extensible SNMP Agent for Windows: from 12-00 before 12-00-01, from 11-00 through 11-00-*; JP1/Extensible SNMP Agent: from 10-10 through 10-10-01, from 10-00 through 10-00-02, from 09-00 through 09-00-04; Job Management Partner1/Extensible SNMP Agent: from 10-10 through 10-10-01, from 10-00 through 10-00-02, from 09-00 through 09-00-04."
}
],
"impacts": [
{
"capecId": "CAPEC-165",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-165 File Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T01:51:01.295Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-127/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2024-127",
"discovery": "EXTERNAL"
},
"title": "Folder Permission Vulnerability in JP1/Extensible SNMP Agent",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2024-4679",
"datePublished": "2024-07-02T01:51:01.295Z",
"dateReserved": "2024-05-09T05:32:33.169Z",
"dateUpdated": "2024-08-01T20:47:41.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28984 (GCVE-0-2024-28984)
Vulnerability from cvelistv5 – Published: 2024-06-26 22:41 – Updated: 2024-08-02 01:03
VLAI?
Title
Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x allow a malicious URL to inject content into the Analyzer plugin interface.
Severity ?
8.8 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hitachi Vantara | Pentaho Business Analytics Server |
Affected:
1.0 , < 9.3.0.7
(maven)
Affected: 8.3 , < 10.1.0.0 (maven) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28984",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-28T19:45:24.153443Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T14:28:53.324Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:03:51.332Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.pentaho.com/hc/en-us/articles/27569319605901-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Improper-Neutralization-of-Input-During-Web-Page-Generation-Cross-site-Scripting-Versions-before-10-1-0-0-and-9-3-0-7-including-8-3-x-Impacted-CVE-2024-28984"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pentaho Business Analytics Server",
"vendor": "Hitachi Vantara",
"versions": [
{
"lessThan": "9.3.0.7",
"status": "affected",
"version": "1.0",
"versionType": "maven"
},
{
"lessThan": "10.1.0.0",
"status": "affected",
"version": "8.3",
"versionType": "maven"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cp\u003eHitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x allow a malicious URL to inject content into the Analyzer plugin interface. \u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/div\u003e\n\n"
}
],
"value": "Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x allow a malicious URL to inject content into the Analyzer plugin interface."
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-591 Reflected XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T22:41:57.450Z",
"orgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
"shortName": "HITVAN"
},
"references": [
{
"url": "https://support.pentaho.com/hc/en-us/articles/27569319605901-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Improper-Neutralization-of-Input-During-Web-Page-Generation-Cross-site-Scripting-Versions-before-10-1-0-0-and-9-3-0-7-including-8-3-x-Impacted-CVE-2024-28984"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
"assignerShortName": "HITVAN",
"cveId": "CVE-2024-28984",
"datePublished": "2024-06-26T22:41:57.450Z",
"dateReserved": "2024-03-13T19:18:14.913Z",
"dateUpdated": "2024-08-02T01:03:51.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28983 (GCVE-0-2024-28983)
Vulnerability from cvelistv5 – Published: 2024-06-26 22:40 – Updated: 2024-09-11 23:40
VLAI?
Title
Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x allow a malicious URL to inject content into the Analyzer plugin interface.
Severity ?
8.8 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hitachi Vantara | Pentaho Business Analytics Server |
Affected:
1.0 , < 9.3.0.7
(maven)
Affected: 8.3 , < 10.1.0.0 (maven) |
Credits
Yesenia Trejo - Strike Security
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28983",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-27T14:48:05.798742Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T14:48:13.210Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:03:51.428Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.pentaho.com/hc/en-us/articles/27569257123725-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Improper-Neutralization-of-Input-During-Web-Page-Generation-Cross-site-Scripting-Versions-before-10-1-0-0-and-9-3-0-7-including-8-3-x-Impacted-CVE-2024-28983"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pentaho Business Analytics Server",
"vendor": "Hitachi Vantara",
"versions": [
{
"lessThan": "9.3.0.7",
"status": "affected",
"version": "1.0",
"versionType": "maven"
},
{
"lessThan": "10.1.0.0",
"status": "affected",
"version": "8.3",
"versionType": "maven"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Yesenia Trejo - Strike Security"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x allow a malicious URL to inject content into the Analyzer plugin interface.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e"
}
],
"value": "Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x allow a malicious URL to inject content into the Analyzer plugin interface."
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-591 Reflected XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T23:40:00.607Z",
"orgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
"shortName": "HITVAN"
},
"references": [
{
"url": "https://support.pentaho.com/hc/en-us/articles/27569257123725-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Improper-Neutralization-of-Input-During-Web-Page-Generation-Cross-site-Scripting-Versions-before-10-1-0-0-and-9-3-0-7-including-8-3-x-Impacted-CVE-2024-28983"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
"assignerShortName": "HITVAN",
"cveId": "CVE-2024-28983",
"datePublished": "2024-06-26T22:40:15.645Z",
"dateReserved": "2024-03-13T19:18:14.913Z",
"dateUpdated": "2024-09-11T23:40:00.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28982 (GCVE-0-2024-28982)
Vulnerability from cvelistv5 – Published: 2024-06-26 22:37 – Updated: 2024-09-11 23:39
VLAI?
Title
Hitachi Vantara Pentaho Business Analytics Server - Improper Restriction of XML External Entity Reference
Summary
Hitachi Vantara Pentaho Business Analytics Server versions before 10.1.0.0 and 9.3.0.7, including 8.3.x do not correctly protect the ACL service endpoint of the Pentaho User Console against XML External Entity Reference.
Severity ?
7.1 (High)
CWE
- CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hitachi Vantara | Pentaho Business Analytics Server |
Affected:
1.0 , < 9.3.0.7
(maven)
Affected: 8.3 , < 10.1.0.0 (maven) |
Credits
Yesenia Trejo - Strike Security
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hitachi_vantara:pentaho_business_analytics_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "pentaho_business_analytics_server",
"vendor": "hitachi_vantara",
"versions": [
{
"lessThan": "9.3.0.7",
"status": "affected",
"version": "1.0",
"versionType": "maven"
},
{
"lessThan": "10.1.0.0",
"status": "affected",
"version": "8.3",
"versionType": "maven"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28982",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-09T19:05:59.725032Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T19:15:50.518Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:03:51.450Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.pentaho.com/hc/en-us/articles/27569195609869--Resolved-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Improper-Restriction-of-XML-External-Entity-Reference-versions-before-10-1-0-0-and-9-3-0-7-including-8-3-x-Impacted-CVE-2024-28982"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Pentaho User Console"
],
"product": "Pentaho Business Analytics Server",
"vendor": "Hitachi Vantara",
"versions": [
{
"lessThan": "9.3.0.7",
"status": "affected",
"version": "1.0",
"versionType": "maven"
},
{
"lessThan": "10.1.0.0",
"status": "affected",
"version": "8.3",
"versionType": "maven"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Yesenia Trejo - Strike Security"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHitachi Vantara Pentaho Business Analytics Server versions before 10.1.0.0 and 9.3.0.7, including 8.3.x do not correctly protect the ACL service endpoint of the Pentaho User Console against XML External Entity Reference.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e"
}
],
"value": "Hitachi Vantara Pentaho Business Analytics Server versions before 10.1.0.0 and 9.3.0.7, including 8.3.x do not correctly protect the ACL service endpoint of the Pentaho User Console against XML External Entity Reference."
}
],
"impacts": [
{
"capecId": "CAPEC-197",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-197 Exponential Data Expansion"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-776",
"description": "CWE-776 Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T23:39:29.658Z",
"orgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
"shortName": "HITVAN"
},
"references": [
{
"url": "https://support.pentaho.com/hc/en-us/articles/27569195609869--Resolved-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Improper-Restriction-of-XML-External-Entity-Reference-versions-before-10-1-0-0-and-9-3-0-7-including-8-3-x-Impacted-CVE-2024-28982"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Hitachi Vantara Pentaho Business Analytics Server - Improper Restriction of XML External Entity Reference",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
"assignerShortName": "HITVAN",
"cveId": "CVE-2024-28982",
"datePublished": "2024-06-26T22:37:01.285Z",
"dateReserved": "2024-03-13T19:18:14.913Z",
"dateUpdated": "2024-09-11T23:39:29.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22385 (GCVE-0-2024-22385)
Vulnerability from cvelistv5 – Published: 2024-06-25 01:34 – Updated: 2024-08-01 22:43
VLAI?
Title
File and Directory Permission Vulnerability in Hitachi Storage Provider for VMware vCenter
Summary
Incorrect Default Permissions vulnerability in Hitachi Storage Provider for VMware vCenter allows local users to read and write specific files.This issue affects Hitachi Storage Provider for VMware vCenter: from 3.1.0 before 3.7.4.
Severity ?
4.4 (Medium)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hitachi | Hitachi Storage Provider for VMware vCenter |
Affected:
3.1.0 , < 3.7.4
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22385",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-25T15:19:51.578417Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T15:20:01.757Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:43:34.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-129/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hitachi Storage Provider for VMware vCenter",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "3.7.4",
"status": "unaffected"
}
],
"lessThan": "3.7.4",
"status": "affected",
"version": "3.1.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect Default Permissions vulnerability in Hitachi Storage Provider for VMware vCenter allows local users to read and write specific files.\u003cp\u003eThis issue affects Hitachi Storage Provider for VMware vCenter: from 3.1.0 before 3.7.4.\u003c/p\u003e"
}
],
"value": "Incorrect Default Permissions vulnerability in Hitachi Storage Provider for VMware vCenter allows local users to read and write specific files.This issue affects Hitachi Storage Provider for VMware vCenter: from 3.1.0 before 3.7.4."
}
],
"impacts": [
{
"capecId": "CAPEC-165",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-165 File Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T01:34:24.077Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-129/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2024-129",
"discovery": "UNKNOWN"
},
"title": "File and Directory Permission Vulnerability in Hitachi Storage Provider for VMware vCenter",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2024-22385",
"datePublished": "2024-06-25T01:34:24.077Z",
"dateReserved": "2024-01-10T04:05:26.073Z",
"dateUpdated": "2024-08-01T22:43:34.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2493 (GCVE-0-2024-2493)
Vulnerability from cvelistv5 – Published: 2024-04-23 05:35 – Updated: 2024-08-01 19:18
VLAI?
Title
Session Hijacking Vulnerability in Hitachi Ops Center Analyzer
Summary
Session Hijacking vulnerability in Hitachi Ops Center Analyzer.This issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.1-00.
Severity ?
7.5 (High)
CWE
- CWE-614 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hitachi | Hitachi Ops Center Analyzer |
Affected:
10.0.0-00 , < 11.0.1-00
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hitachi:alaxala:ax:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "alaxala",
"vendor": "hitachi",
"versions": [
{
"status": "affected",
"version": "10.0.0.00"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2493",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-14T18:06:41.923686Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:29:47.849Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:18:46.461Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-122/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hitachi Ops Center Analyzer",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "11.0.1-00",
"status": "unaffected"
}
],
"lessThan": "11.0.1-00",
"status": "affected",
"version": "10.0.0-00",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Session Hijacking vulnerability in Hitachi Ops Center Analyzer.\u003cp\u003eThis issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.1-00.\u003c/p\u003e"
}
],
"value": "Session Hijacking vulnerability in Hitachi Ops Center Analyzer.This issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.1-00.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-593",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-593 Session Hijacking"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-614",
"description": "CWE-614 Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-23T05:35:57.491Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-122/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2024-122",
"discovery": "UNKNOWN"
},
"title": "Session Hijacking Vulnerability in Hitachi Ops Center Analyzer",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2024-2493",
"datePublished": "2024-04-23T05:35:57.491Z",
"dateReserved": "2024-03-15T07:31:31.514Z",
"dateUpdated": "2024-08-01T19:18:46.461Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6833 (GCVE-0-2023-6833)
Vulnerability from cvelistv5 – Published: 2024-04-23 05:35 – Updated: 2024-08-02 08:42
VLAI?
Title
Information Exposure Vulnerability in Hitachi Ops Center Administrator
Summary
Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Administrator allows local users to gain sensitive information.This issue affects Hitachi Ops Center Administrator: before 11.0.1.
Severity ?
4.4 (Medium)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hitachi | Hitachi Ops Center Administrator |
Affected:
0 , < 11.0.1
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hitachi:ops_center_administrator:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ops_center_administrator",
"vendor": "hitachi",
"versions": [
{
"lessThan": "11.0.1",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6833",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-23T20:37:24.413071Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:16:56.663Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:42:07.916Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-121/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hitachi Ops Center Administrator",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "11.0.1",
"status": "unaffected"
}
],
"lessThan": "11.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Administrator allows local users to gain sensitive information.\u003cp\u003eThis issue affects Hitachi Ops Center Administrator: before 11.0.1.\u003c/p\u003e"
}
],
"value": "Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Administrator allows local users to gain sensitive information.This issue affects Hitachi Ops Center Administrator: before 11.0.1.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-114 Authentication Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-23T05:35:48.828Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-121/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2024-121",
"discovery": "UNKNOWN"
},
"title": "Information Exposure Vulnerability in Hitachi Ops Center Administrator",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2023-6833",
"datePublished": "2024-04-23T05:35:48.828Z",
"dateReserved": "2023-12-15T01:42:35.987Z",
"dateUpdated": "2024-08-02T08:42:07.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36407 (GCVE-0-2022-36407)
Vulnerability from cvelistv5 – Published: 2024-03-25 05:55 – Updated: 2024-08-03 10:07
VLAI?
Title
Information Exposure Vulnerability in Hitachi Disk Array Systems
Summary
Insertion of Sensitive Information into Log File vulnerability in Hitachi Virtual Storage Platform, Hitachi Virtual Storage Platform VP9500, Hitachi Virtual Storage Platform G1000, G1500, Hitachi Virtual Storage Platform F1500, Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H, Hitachi Virtual Storage Platform 5200, 5600, 5200H, 5600H, Hitachi Unified Storage VM, Hitachi Virtual Storage Platform G100, G200, G400, G600, G800, Hitachi Virtual Storage Platform F400, F600, F800, Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, Hitachi Virtual Storage Platform F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H allows
local users to gain sensitive information.This issue affects Hitachi Virtual Storage Platform: before DKCMAIN Ver. 70-06-74-00/00, SVP Ver. 70-06-58/00; Hitachi Virtual Storage Platform VP9500: before DKCMAIN Ver. 70-06-74-00/00, SVP Ver. 70-06-58/00; Hitachi Virtual Storage Platform G1000, G1500: before DKCMAIN Ver. 80-06-92-00/00, SVP Ver. 80-06-87/00; Hitachi Virtual Storage Platform F1500: before DKCMAIN Ver. 80-06-92-00/00, SVP Ver. 80-06-87/00; Hitachi Virtual Storage Platform 5100, 5500,5100H, 5500H: before DKCMAIN Ver. 90-08-81-00/00, SVP Ver. 90-08-81/00, before DKCMAIN Ver. 90-08-62-00/00, SVP Ver. 90-08-62/00, before DKCMAIN Ver. 90-08-43-00/00, SVP Ver. 90-08-43/00; Hitachi Virtual Storage Platform 5200, 5600,5200H, 5600H: before DKCMAIN Ver. 90-08-81-00/00, SVP Ver. 90-08-81/00, before DKCMAIN Ver. 90-08-62-00/00, SVP Ver. 90-08-62/00, before DKCMAIN Ver. 90-08-43-00/00, SVP Ver. 90-08-43/00; Hitachi Unified Storage VM: before DKCMAIN Ver. 73-03-75-X0/00, SVP Ver. 73-03-74/00, before DKCMAIN Ver. 73(75)-03-75-X0/00, SVP Ver. 73(75)-03-74/00; Hitachi Virtual Storage Platform G100, G200, G400, G600, G800: before DKCMAIN Ver. 83-06-19-X0/00, SVP Ver. 83-06-20-X0/00, before DKCMAIN Ver. 83-05-47-X0/00, SVP Ver. 83-05-51-X0/00; Hitachi Virtual Storage Platform F400, F600, F800: before DKCMAIN Ver. 83-06-19-X0/00, SVP Ver. 83-06-20-X0/00, before DKCMAIN Ver. 83-05-47-X0/00, SVP Ver. 83-05-51-X0/00; Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900: before DKCMAIN Ver. 88-08-09-XX/00, SVP Ver. 88-08-11-X0/02; Hitachi Virtual Storage Platform F350, F370, F700, F900: before DKCMAIN Ver. 88-08-09-XX/00, SVP Ver. 88-08-11-X0/02; Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H: before DKCMAIN Ver. 93-06-81-X0/00, SVP Ver. 93-06-81-X0/00, before DKCMAIN Ver. 93-06-62-X0/00, SVP Ver. 93-06-62-X0/00, before DKCMAIN Ver. 93-06-43-X0/00, SVP Ver. 93-06-43-X0/00.
Severity ?
9.9 (Critical)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Hitachi | Hitachi Virtual Storage Platform |
Affected:
0 , < DKCMAIN Ver. 70-06-74-00/00, SVP Ver. 70-06-58/00
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-36407",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-25T14:13:58.055778Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:16:12.547Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:07:33.120Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.hitachi.com/products/it/storage-solutions/sec_info/2024/2022_313.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver. 70-06-74-00/00, SVP Ver. 70-06-58/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. 70-06-74-00/00, SVP Ver. 70-06-58/00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform VP9500",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver. 70-06-74-00/00, SVP Ver. 70-06-58/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. 70-06-74-00/00, SVP Ver. 70-06-58/00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform G1000, G1500",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver. 80-06-92-00/00, SVP Ver. 80-06-87/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. 80-06-92-00/00, SVP Ver. 80-06-87/00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform F1500",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver. 80-06-92-00/00, SVP Ver. 80-06-87/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. 80-06-92-00/00, SVP Ver. 80-06-87/00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver. 90-08-81-00/00, SVP Ver. 90-08-81/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. 90-08-81-00/00, SVP Ver. 90-08-81/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver. 90-08-62-00/00, SVP Ver. 90-08-62/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. 90-08-62-00/00, SVP Ver. 90-08-62/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver. 90-08-43-00/00, SVP Ver. 90-08-43/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. 90-08-43-00/00, SVP Ver. 90-08-43/00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform 5200, 5600, 5200H, 5600H",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver. 90-08-81-00/00, SVP Ver. 90-08-81/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. 90-08-81-00/00, SVP Ver. 90-08-81/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver. 90-08-62-00/00, SVP Ver. 90-08-62/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. 90-08-62-00/00, SVP Ver. 90-08-62/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver. 90-08-43-00/00, SVP Ver. 90-08-43/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. 90-08-43-00/00, SVP Ver. 90-08-43/00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hitachi Unified Storage VM",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver. 73-03-75-X0/00, SVP Ver. 73-03-74/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. 73-03-75-X0/00, SVP Ver. 73-03-74/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver. 73(75)-03-75-X0/00, SVP Ver. 73(75)-03-74/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. 73(75)-03-75-X0/00, SVP Ver. 73(75)-03-74/00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform G100, G200, G400, G600, G800",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver. 83-06-19-X0/00, SVP Ver. 83-06-20-X0/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. 83-06-19-X0/00, SVP Ver. 83-06-20-X0/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver. 83-05-47-X0/00, SVP Ver. 83-05-51-X0/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. 83-05-47-X0/00, SVP Ver. 83-05-51-X0/00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform F400, F600, F800",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver. 83-06-19-X0/00, SVP Ver. 83-06-20-X0/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. 83-06-19-X0/00, SVP Ver. 83-06-20-X0/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver. 83-05-47-X0/00, SVP Ver. 83-05-51-X0/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. 83-05-47-X0/00, SVP Ver. 83-05-51-X0/00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver. 88-08-09-XX/00, SVP Ver. 88-08-11-X0/02",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. 88-08-09-XX/00, SVP Ver. 88-08-11-X0/02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform F350, F370, F700, F900",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver. 88-08-09-XX/00, SVP Ver. 88-08-11-X0/02",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. 88-08-09-XX/00, SVP Ver. 88-08-11-X0/02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver. 93-06-81-X0/00, SVP Ver. 93-06-81-X0/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. 93-06-81-X0/00, SVP Ver. 93-06-81-X0/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver. 93-06-62-X0/00, SVP Ver. 93-06-62-X0/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. 93-06-62-X0/00, SVP Ver. 93-06-62-X0/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver. 93-06-43-X0/00, SVP Ver. 93-06-43-X0/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. 93-06-43-X0/00, SVP Ver. 93-06-43-X0/00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insertion of Sensitive Information into Log File vulnerability in Hitachi Virtual Storage Platform, Hitachi Virtual Storage Platform VP9500, Hitachi Virtual Storage Platform G1000, G1500, Hitachi Virtual Storage Platform F1500, Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H, Hitachi Virtual Storage Platform 5200, 5600, 5200H, 5600H, Hitachi Unified Storage VM, Hitachi Virtual Storage Platform G100, G200, G400, G600, G800, Hitachi Virtual Storage Platform F400, F600, F800, Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, Hitachi Virtual Storage Platform F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H allows \n\n\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003elocal users to gain sensitive information\u003c/span\u003e.\u003cp\u003eThis issue affects Hitachi Virtual Storage Platform: before DKCMAIN Ver. 70-06-74-00/00, SVP Ver. 70-06-58/00; Hitachi Virtual Storage Platform VP9500: before DKCMAIN Ver. 70-06-74-00/00, SVP Ver. 70-06-58/00; Hitachi Virtual Storage Platform G1000, G1500: before DKCMAIN Ver. 80-06-92-00/00, SVP Ver. 80-06-87/00; Hitachi Virtual Storage Platform F1500: before DKCMAIN Ver. 80-06-92-00/00, SVP Ver. 80-06-87/00; Hitachi Virtual Storage Platform 5100, 5500,5100H, 5500H: before DKCMAIN Ver. 90-08-81-00/00, SVP Ver. 90-08-81/00, before DKCMAIN Ver. 90-08-62-00/00, SVP Ver. 90-08-62/00, before DKCMAIN Ver. 90-08-43-00/00, SVP Ver. 90-08-43/00; Hitachi Virtual Storage Platform 5200, 5600,5200H, 5600H: before DKCMAIN Ver. 90-08-81-00/00, SVP Ver. 90-08-81/00, before DKCMAIN Ver. 90-08-62-00/00, SVP Ver. 90-08-62/00, before DKCMAIN Ver. 90-08-43-00/00, SVP Ver. 90-08-43/00; Hitachi Unified Storage VM: before DKCMAIN Ver. 73-03-75-X0/00, SVP Ver. 73-03-74/00, before DKCMAIN Ver. 73(75)-03-75-X0/00, SVP Ver. 73(75)-03-74/00; Hitachi Virtual Storage Platform G100, G200, G400, G600, G800: before DKCMAIN Ver. 83-06-19-X0/00, SVP Ver. 83-06-20-X0/00, before DKCMAIN Ver. 83-05-47-X0/00, SVP Ver. 83-05-51-X0/00; Hitachi Virtual Storage Platform F400, F600, F800: before DKCMAIN Ver. 83-06-19-X0/00, SVP Ver. 83-06-20-X0/00, before DKCMAIN Ver. 83-05-47-X0/00, SVP Ver. 83-05-51-X0/00; Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900: before DKCMAIN Ver. 88-08-09-XX/00, SVP Ver. 88-08-11-X0/02; Hitachi Virtual Storage Platform F350, F370, F700, F900: before DKCMAIN Ver. 88-08-09-XX/00, SVP Ver. 88-08-11-X0/02; Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H: before DKCMAIN Ver. 93-06-81-X0/00, SVP Ver. 93-06-81-X0/00, before DKCMAIN Ver. 93-06-62-X0/00, SVP Ver. 93-06-62-X0/00, before DKCMAIN Ver. 93-06-43-X0/00, SVP Ver. 93-06-43-X0/00.\u003c/p\u003e"
}
],
"value": "Insertion of Sensitive Information into Log File vulnerability in Hitachi Virtual Storage Platform, Hitachi Virtual Storage Platform VP9500, Hitachi Virtual Storage Platform G1000, G1500, Hitachi Virtual Storage Platform F1500, Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H, Hitachi Virtual Storage Platform 5200, 5600, 5200H, 5600H, Hitachi Unified Storage VM, Hitachi Virtual Storage Platform G100, G200, G400, G600, G800, Hitachi Virtual Storage Platform F400, F600, F800, Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, Hitachi Virtual Storage Platform F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H allows \n\nlocal users to gain sensitive information.This issue affects Hitachi Virtual Storage Platform: before DKCMAIN Ver. 70-06-74-00/00, SVP Ver. 70-06-58/00; Hitachi Virtual Storage Platform VP9500: before DKCMAIN Ver. 70-06-74-00/00, SVP Ver. 70-06-58/00; Hitachi Virtual Storage Platform G1000, G1500: before DKCMAIN Ver. 80-06-92-00/00, SVP Ver. 80-06-87/00; Hitachi Virtual Storage Platform F1500: before DKCMAIN Ver. 80-06-92-00/00, SVP Ver. 80-06-87/00; Hitachi Virtual Storage Platform 5100, 5500,5100H, 5500H: before DKCMAIN Ver. 90-08-81-00/00, SVP Ver. 90-08-81/00, before DKCMAIN Ver. 90-08-62-00/00, SVP Ver. 90-08-62/00, before DKCMAIN Ver. 90-08-43-00/00, SVP Ver. 90-08-43/00; Hitachi Virtual Storage Platform 5200, 5600,5200H, 5600H: before DKCMAIN Ver. 90-08-81-00/00, SVP Ver. 90-08-81/00, before DKCMAIN Ver. 90-08-62-00/00, SVP Ver. 90-08-62/00, before DKCMAIN Ver. 90-08-43-00/00, SVP Ver. 90-08-43/00; Hitachi Unified Storage VM: before DKCMAIN Ver. 73-03-75-X0/00, SVP Ver. 73-03-74/00, before DKCMAIN Ver. 73(75)-03-75-X0/00, SVP Ver. 73(75)-03-74/00; Hitachi Virtual Storage Platform G100, G200, G400, G600, G800: before DKCMAIN Ver. 83-06-19-X0/00, SVP Ver. 83-06-20-X0/00, before DKCMAIN Ver. 83-05-47-X0/00, SVP Ver. 83-05-51-X0/00; Hitachi Virtual Storage Platform F400, F600, F800: before DKCMAIN Ver. 83-06-19-X0/00, SVP Ver. 83-06-20-X0/00, before DKCMAIN Ver. 83-05-47-X0/00, SVP Ver. 83-05-51-X0/00; Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900: before DKCMAIN Ver. 88-08-09-XX/00, SVP Ver. 88-08-11-X0/02; Hitachi Virtual Storage Platform F350, F370, F700, F900: before DKCMAIN Ver. 88-08-09-XX/00, SVP Ver. 88-08-11-X0/02; Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H: before DKCMAIN Ver. 93-06-81-X0/00, SVP Ver. 93-06-81-X0/00, before DKCMAIN Ver. 93-06-62-X0/00, SVP Ver. 93-06-62-X0/00, before DKCMAIN Ver. 93-06-43-X0/00, SVP Ver. 93-06-43-X0/00.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-114 Authentication Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-25T05:55:36.386Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/storage-solutions/sec_info/2024/2022_313.html"
}
],
"source": {
"advisory": "hitachi-sec-2022-313",
"discovery": "UNKNOWN"
},
"title": "Information Exposure Vulnerability in Hitachi Disk Array Systems",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2022-36407",
"datePublished": "2024-03-25T05:55:36.386Z",
"dateReserved": "2022-07-22T13:52:23.508Z",
"dateUpdated": "2024-08-03T10:07:33.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6814 (GCVE-0-2023-6814)
Vulnerability from cvelistv5 – Published: 2024-03-12 03:39 – Updated: 2024-08-02 08:42
VLAI?
Title
Information Exposure Vulnerability in Cosminexus Component Container
Summary
Insertion of Sensitive Information into Log File vulnerability in Hitachi Cosminexus Component Container allows local users to gain sensitive information.This issue affects Cosminexus Component Container: from 11-30 before 11-30-05, from 11-20 before 11-20-07, from 11-10 before 11-10-10, from 11-00 before 11-00-12, All versions of V8 and V9.
Severity ?
5.6 (Medium)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hitachi | Cosminexus Component Container |
Affected:
11-30 , < 11-30-05
(custom)
Affected: 11-20 , < 11-20-07 (custom) Affected: 11-10 , < 11-10-10 (custom) Affected: 11-00 , < 11-00-12 (custom) Affected: 08-00 , ≤ 09-* (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6814",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-12T13:30:31.864165Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-28T01:57:04.242Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:42:07.404Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-118/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cosminexus Component Container",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "11-30-05",
"status": "unaffected"
}
],
"lessThan": "11-30-05",
"status": "affected",
"version": "11-30",
"versionType": "custom"
},
{
"changes": [
{
"at": "11-20-07",
"status": "unaffected"
}
],
"lessThan": "11-20-07",
"status": "affected",
"version": "11-20",
"versionType": "custom"
},
{
"changes": [
{
"at": "11-10-10",
"status": "unaffected"
}
],
"lessThan": "11-10-10",
"status": "affected",
"version": "11-10",
"versionType": "custom"
},
{
"changes": [
{
"at": "11-00-12",
"status": "unaffected"
}
],
"lessThan": "11-00-12",
"status": "affected",
"version": "11-00",
"versionType": "custom"
},
{
"lessThanOrEqual": "09-*",
"status": "affected",
"version": "08-00",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insertion of Sensitive Information into Log File vulnerability in Hitachi Cosminexus Component Container allows local users to gain sensitive information.\u003cp\u003eThis issue affects Cosminexus Component Container: from 11-30 before 11-30-05, from 11-20 before 11-20-07, from 11-10 before 11-10-10, from 11-00 before 11-00-12, All versions of V8 and V9.\u003c/p\u003e"
}
],
"value": "Insertion of Sensitive Information into Log File vulnerability in Hitachi Cosminexus Component Container allows local users to gain sensitive information.This issue affects Cosminexus Component Container: from 11-30 before 11-30-05, from 11-20 before 11-20-07, from 11-10 before 11-10-10, from 11-00 before 11-00-12, All versions of V8 and V9.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-114 Authentication Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-16T03:10:06.839Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-118/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2024-118",
"discovery": "UNKNOWN"
},
"title": "Information Exposure Vulnerability in Cosminexus Component Container",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2023-6814",
"datePublished": "2024-03-12T03:39:22.392Z",
"dateReserved": "2023-12-14T02:26:36.719Z",
"dateUpdated": "2024-08-02T08:42:07.404Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5617 (GCVE-0-2023-5617)
Vulnerability from cvelistv5 – Published: 2024-02-28 22:30 – Updated: 2024-08-29 14:47
VLAI?
Title
Hitachi Vantara Pentaho Data Integration & Analytics - Server-generated Error Message Containing Sensitive Information
Summary
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.6, including 9.5.x and 8.3.x, display the version of Tomcat when a server error is encountered.
Severity ?
5.3 (Medium)
CWE
- CWE-550 - Server-generated Error Message Containing Sensitive Information
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hitachi Vantara | Pentaho Data Integration & Analytics |
Affected:
1.0 , < 9.3.0.6
(maven)
Affected: 9.4.0.0 , < 10.1.0.0 (maven) |
Credits
Hitachi Group Member
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:07:32.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.pentaho.com/hc/en-us/articles/24313358254861--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Server-generated-Error-Message-Containing-Sensitive-Information-Versions-before-10-1-0-0-and-9-3-0-6-including-all-versions-before-10-0-x-Impacted-CVE-2023-5617"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hitachi_vantara:pentaho_data_integration_\\\u0026_analytics:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pentaho_data_integration_\\\u0026_analytics",
"vendor": "hitachi_vantara",
"versions": [
{
"lessThan": "9.3.0.6",
"status": "affected",
"version": "1.0",
"versionType": "custom"
},
{
"lessThan": "10.1.0.0",
"status": "affected",
"version": "9.4.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5617",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-05T18:28:22.655674Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T14:47:10.616Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pentaho Data Integration \u0026 Analytics",
"vendor": "Hitachi Vantara",
"versions": [
{
"lessThan": "9.3.0.6",
"status": "affected",
"version": "1.0",
"versionType": "maven"
},
{
"lessThan": "10.1.0.0",
"status": "affected",
"version": "9.4.0.0",
"versionType": "maven"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Hitachi Group Member"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eHitachi Vantara Pentaho Data Integration \u0026amp; Analytics versions before 10.1.0.0 and 9.3.0.6, including\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003e9.5.x and 8.3.x, display the version of Tomcat when a server error is encountered.\u003c/span\u003e\u003c/p\u003e\n\n"
}
],
"value": "\nHitachi Vantara Pentaho Data Integration \u0026 Analytics versions before 10.1.0.0 and 9.3.0.6, including\u00a09.5.x and 8.3.x, display the version of Tomcat when a server error is encountered.\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-170",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-170 Web Application Fingerprinting"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-550",
"description": "CWE-550: Server-generated Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-28T22:30:40.128Z",
"orgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
"shortName": "HITVAN"
},
"references": [
{
"url": "https://support.pentaho.com/hc/en-us/articles/24313358254861--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Server-generated-Error-Message-Containing-Sensitive-Information-Versions-before-10-1-0-0-and-9-3-0-6-including-all-versions-before-10-0-x-Impacted-CVE-2023-5617"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics - Server-generated Error Message Containing Sensitive Information",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
"assignerShortName": "HITVAN",
"cveId": "CVE-2023-5617",
"datePublished": "2024-02-28T22:30:40.128Z",
"dateReserved": "2023-10-17T15:42:11.661Z",
"dateUpdated": "2024-08-29T14:47:10.616Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0715 (GCVE-0-2024-0715)
Vulnerability from cvelistv5 – Published: 2024-02-20 01:17 – Updated: 2024-08-08 19:10
VLAI?
Title
EL Injection Vulnerability in Hitachi Global Link Manager
Summary
Expression Language Injection vulnerability in Hitachi Global Link Manager on Windows allows Code Injection.This issue affects Hitachi Global Link Manager: before 8.8.7-03.
Severity ?
7.6 (High)
CWE
- CWE-917 - Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hitachi | Hitachi Global Link Manager |
Affected:
0 , < 8.8.7-03
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:11:35.787Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-112/index.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hitachi:global_link_manager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "global_link_manager",
"vendor": "hitachi",
"versions": [
{
"lessThan": "8.8.7-03",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0715",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-20T18:28:11.544360Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T19:10:35.968Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Hitachi Global Link Manager",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "8.8.7-03",
"status": "unaffected"
}
],
"lessThan": "8.8.7-03",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Expression Language Injection vulnerability in Hitachi Global Link Manager on Windows allows Code Injection.\u003cp\u003eThis issue affects Hitachi Global Link Manager: before 8.8.7-03.\u003c/p\u003e"
}
],
"value": "Expression Language Injection vulnerability in Hitachi Global Link Manager on Windows allows Code Injection.This issue affects Hitachi Global Link Manager: before 8.8.7-03.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-917",
"description": "CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement (\u0027Expression Language Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-20T01:17:38.663Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-112/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2024-112",
"discovery": "UNKNOWN"
},
"title": "EL Injection Vulnerability in Hitachi Global Link Manager",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2024-0715",
"datePublished": "2024-02-20T01:17:38.663Z",
"dateReserved": "2024-01-19T07:07:17.235Z",
"dateUpdated": "2024-08-08T19:10:35.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}