Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    898 vulnerabilities by Hitachi

    CVE-2025-7386 (GCVE-0-2025-7386)

    Vulnerability from nvd – Published: 2026-06-29 05:22 – Updated: 2026-06-29 12:36
    VLAI
    Title
    Information exposure vulnerability in Hitachi Storage Navigator
    Summary
    Information exposure vulnerability in Hitachi Storage Navigator. This issue affects Hitachi Virtual Storage Platform 5100, 5200, 5500, 5600, 5100H, 5200H, 5500H, 5600H, VX8: before DKCMAIN Ver. 90-09-24-00/00, SVP Ver. 90-09-24/00, before DKCMAIN Ver. 90-08-86-00/00, SVP Ver. 90-08-86/00; Hitachi Virtual Storage Platform G1000, G1500, F1500, VX7: before DKCMAIN Ver. 80-06-96-00/00, SVP Ver. 80-06-91/00.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-522 - Insufficiently Protected Credentials
    Assigner
    References
    Impacted products
    Vendor Product Version
    Hitachi Hitachi Virtual Storage Platform 5100, 5200, 5500, 5600, 5100H, 5200H, 5500H, 5600H, VX8 Affected: 0 , < DKCMAIN Ver. 90-09-24-00/00, SVP Ver. 90-09-24/00 (custom)
    Affected: 0 , < DKCMAIN Ver. 90-08-86-00/00, SVP Ver. 90-08-86/00 (custom)
    Create a notification for this product.
    Hitachi Hitachi Virtual Storage Platform G1000, G1500, F1500, VX7 Affected: 0 , < DKCMAIN Ver. 80-06-96-00/00, SVP Ver. 80-06-91/00 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-7386",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-29T12:35:44.062299Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-29T12:36:33.277Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Hitachi Virtual Storage Platform 5100, 5200, 5500, 5600, 5100H, 5200H, 5500H, 5600H, VX8",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver. 90-09-24-00/00, SVP Ver. 90-09-24/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver. 90-09-24-00/00, SVP Ver. 90-09-24/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver. 90-08-86-00/00, SVP Ver. 90-08-86/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver. 90-08-86-00/00, SVP Ver. 90-08-86/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hitachi Virtual Storage Platform G1000, G1500, F1500, VX7",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver. 80-06-96-00/00, SVP Ver. 80-06-91/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver. 80-06-96-00/00, SVP Ver. 80-06-91/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Information exposure vulnerability in Hitachi Storage Navigator.\u003cp\u003eThis issue affects Hitachi Virtual Storage Platform 5100, 5200, 5500, 5600, 5100H, 5200H, 5500H, 5600H, VX8: before DKCMAIN Ver. 90-09-24-00/00, SVP Ver. 90-09-24/00, before DKCMAIN Ver. 90-08-86-00/00, SVP Ver. 90-08-86/00; Hitachi Virtual Storage Platform G1000, G1500, F1500, VX7: before DKCMAIN Ver. 80-06-96-00/00, SVP Ver. 80-06-91/00.\u003c/p\u003e"
                }
              ],
              "value": "Information exposure vulnerability in Hitachi Storage Navigator.\n\nThis issue affects Hitachi Virtual Storage Platform 5100, 5200, 5500, 5600, 5100H, 5200H, 5500H, 5600H, VX8: before DKCMAIN Ver. 90-09-24-00/00, SVP Ver. 90-09-24/00, before DKCMAIN Ver. 90-08-86-00/00, SVP Ver. 90-08-86/00; Hitachi Virtual Storage Platform G1000, G1500, F1500, VX7: before DKCMAIN Ver. 80-06-96-00/00, SVP Ver. 80-06-91/00."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-114",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-114 Authentication Abuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "CWE-522 Insufficiently Protected Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-29T05:22:37.701Z",
            "orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
            "shortName": "Hitachi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_301.html"
            }
          ],
          "source": {
            "advisory": "hitachi-sec-2026-301",
            "discovery": "UNKNOWN"
          },
          "title": "Information exposure vulnerability in Hitachi Storage Navigator",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
        "assignerShortName": "Hitachi",
        "cveId": "CVE-2025-7386",
        "datePublished": "2026-06-29T05:22:37.701Z",
        "dateReserved": "2025-07-09T10:16:02.704Z",
        "dateUpdated": "2026-06-29T12:36:33.277Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-2902 (GCVE-0-2025-2902)

    Vulnerability from nvd – Published: 2026-06-29 05:52 – Updated: 2026-06-29 12:40
    VLAI
    Title
    Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform
    Summary
    Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform. This issue affects Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H: before DKCMAIN Ver. 93-07-26-xx/00, GUM Ver. 93-07-26/00; Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H: before DKCMAIN Ver. 90-09-27-00/00, GUM Ver. 90-09-27/00; Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900: before DKCMAIN Ver. 88-08-16-xx/00, GUM Ver. 88-08-20/00.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2902",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-29T12:39:47.151090Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-29T12:40:09.069Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver. 93-07-26-xx/00, GUM Ver. 93-07-26/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver. 93-07-26-xx/00, GUM Ver. 93-07-26/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver. 90-09-27-00/00, GUM Ver. 90-09-27/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver. 90-09-27-00/00, GUM Ver. 90-09-27/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver. 88-08-16-xx/00, GUM Ver. 88-08-20/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver. 88-08-16-xx/00, GUM Ver. 88-08-20/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform.\u003cp\u003eThis issue affects Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H: before DKCMAIN Ver. 93-07-26-xx/00, GUM Ver. 93-07-26/00; Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H: before DKCMAIN Ver. 90-09-27-00/00, GUM Ver. 90-09-27/00; Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900: before DKCMAIN Ver. 88-08-16-xx/00, GUM Ver. 88-08-20/00.\u003c/p\u003e"
                }
              ],
              "value": "Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform.\n\nThis issue affects Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H: before DKCMAIN Ver. 93-07-26-xx/00, GUM Ver. 93-07-26/00; Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H: before DKCMAIN Ver. 90-09-27-00/00, GUM Ver. 90-09-27/00; Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900: before DKCMAIN Ver. 88-08-16-xx/00, GUM Ver. 88-08-20/00."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-29T05:52:39.570Z",
            "orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
            "shortName": "Hitachi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_305.html"
            }
          ],
          "source": {
            "advisory": "hitachi-sec-2026-305",
            "discovery": "UNKNOWN"
          },
          "title": "Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
        "assignerShortName": "Hitachi",
        "cveId": "CVE-2025-2902",
        "datePublished": "2026-06-29T05:52:39.570Z",
        "dateReserved": "2025-03-28T06:25:15.368Z",
        "dateUpdated": "2026-06-29T12:40:09.069Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-0824 (GCVE-0-2025-0824)

    Vulnerability from nvd – Published: 2026-06-29 05:34 – Updated: 2026-06-29 12:38
    VLAI
    Title
    lack of validation for firmware update in Hitachi Virtual Storage
    Summary
    Lack of validation for firmware update in Hitachi Hitachi Virtual Storage Platform One Block 23, 24, 26, 28. This issue affects Hitachi Virtual Storage Platform One Block 23, 24, 26, 28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Improper verification of cryptographic signature
    Assigner
    References
    Impacted products
    Vendor Product Version
    Hitachi Hitachi Virtual Storage Platform One Block 23, 24, 26, 28 Affected: 0 , < DKCMAIN A3-04-21-40/00, ESM A3-04-21/00 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0824",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-29T12:38:22.989556Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-29T12:38:48.701Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Hitachi Virtual Storage Platform One Block 23, 24, 26, 28",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Lack of validation for firmware update\u0026nbsp;in Hitachi Hitachi Virtual Storage Platform One Block 23, 24, 26, 28.\u003cp\u003eThis issue affects Hitachi Virtual Storage Platform One Block 23, 24, 26, 28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00.\u003c/p\u003e"
                }
              ],
              "value": "Lack of validation for firmware update\u00a0in Hitachi Hitachi Virtual Storage Platform One Block 23, 24, 26, 28.\n\nThis issue affects Hitachi Virtual Storage Platform One Block 23, 24, 26, 28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-473",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-473 Signature Spoof"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347 Improper verification of cryptographic signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-29T05:34:34.668Z",
            "orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
            "shortName": "Hitachi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_308.html"
            }
          ],
          "source": {
            "advisory": "hitachi-sec-2026-308",
            "discovery": "UNKNOWN"
          },
          "title": "lack of validation for firmware update in Hitachi Virtual Storage",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
        "assignerShortName": "Hitachi",
        "cveId": "CVE-2025-0824",
        "datePublished": "2026-06-29T05:34:34.668Z",
        "dateReserved": "2025-01-29T07:25:51.664Z",
        "dateUpdated": "2026-06-29T12:38:48.701Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-7737 (GCVE-0-2025-7737)

    Vulnerability from nvd – Published: 2026-06-19 05:13 – Updated: 2026-06-22 15:04
    VLAI
    Title
    DoS Vulnerability in 10G iSCSI Interface of Hitachi Virtual Storage Platform
    Summary
    DoS Vulnerability in 10G iSCSI Interface of Hitachi Virtual Storage Platform. This issue affects Hitachi Virtual Storage Platform E990, E1090, E1090H: before DKCMAIN Ver.93-07-21-80/00-05, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-01-80/00-07, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-82-80/00-06, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-63-80/00-04, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform E390, E590, E790, E390H, E590H, E790H: before DKCMAIN Ver.93-07-21-x0/00-05, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-01-x0/00-07, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-82-x0/00-06, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-63-x0/00-04, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-24-x0/00-02, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-02-x0/00-02, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900: before DKCMAIN Ver.88-08-10-x0/00-05, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform G100, G200, G400, G600, G800, F400, F600, F800: before DKCMAIN Ver.83-06-20-x0/00-05, CHB(iSCSI) Ver.83-01-01-29; Hitachi Virtual Storage Platform VX8, 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H: before DKCMAIN Ver.90-09-01-00/01-01, CHB(iSCSI) Ver.90-01-01-07, before DKCMAIN Ver.90-08-83-00/01-01, CHB(iSCSI) Ver.90-01-01-07, before DKCMAIN Ver.90-08-63-00/01-01, CHB(iSCSI) Ver.90-01-01-07; Hitachi Virtual Storage Platform VX7, G1000, G1500, F1500: before DKCMAIN Ver.80-06-93-00/00-04, ISFC Ver.80-01-17.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of resources without limits or throttling
    Assigner
    References
    Impacted products
    Vendor Product Version
    Hitachi Hitachi Virtual Storage Platform E990, E1090, E1090H Affected: 0 , < DKCMAIN Ver.93-07-21-80/00-05, CHB(iSCSI) Ver.88-01-02-04 (custom)
    Affected: 0 , < DKCMAIN Ver.93-07-01-80/00-07, CHB(iSCSI) Ver.88-01-02-04 (custom)
    Affected: 0 , < DKCMAIN Ver.93-06-82-80/00-06, CHB(iSCSI) Ver.88-01-02-04 (custom)
    Affected: 0 , < DKCMAIN Ver.93-06-63-80/00-04, CHB(iSCSI) Ver.88-01-02-04 (custom)
    Create a notification for this product.
    Hitachi Hitachi Virtual Storage Platform E390, E590, E790, E390H, E590H, E790H Affected: 0 , < DKCMAIN Ver.93-07-21-x0/00-05, CHB(iSCSI) Ver.88-01-02-04 (custom)
    Affected: 0 , < DKCMAIN Ver.93-07-01-x0/00-07, CHB(iSCSI) Ver.88-01-02-04 (custom)
    Affected: 0 , < DKCMAIN Ver.93-06-82-x0/00-06, CHB(iSCSI) Ver.88-01-02-04 (custom)
    Affected: 0 , < DKCMAIN Ver.93-06-63-x0/00-04, CHB(iSCSI) Ver.88-01-02-04 (custom)
    Affected: 0 , < DKCMAIN Ver.93-07-24-x0/00-02, CHB(iSCSI) Ver.88-01-02-04 (custom)
    Affected: 0 , < DKCMAIN Ver.93-07-02-x0/00-02, CHB(iSCSI) Ver.88-01-02-04 (customDKCMAIN Ver.93-07-02-x0/00-02, CHB(iSCSI) Ver.88-01-02-04)
    Create a notification for this product.
    Hitachi Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900 Affected: 0 , < DKCMAIN Ver.88-08-10-x0/00-05, CHB(iSCSI) Ver.88-01-02-04 (custom)
    Create a notification for this product.
    Hitachi Hitachi Virtual Storage Platform G100, G200, G400, G600, G800, F400, F600, F800 Affected: 0 , < DKCMAIN Ver.83-06-20-x0/00-05, CHB(iSCSI) Ver.83-01-01-29 (custom)
    Create a notification for this product.
    Hitachi Hitachi Virtual Storage Platform VX8, 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H Affected: 0 , < DKCMAIN Ver.90-09-01-00/01-01, CHB(iSCSI) Ver.90-01-01-07 (custom)
    Affected: 0 , < DKCMAIN Ver.90-08-83-00/01-01, CHB(iSCSI) Ver.90-01-01-07 (custom)
    Affected: 0 , < DKCMAIN Ver.90-08-63-00/01-01, CHB(iSCSI) Ver.90-01-01-07 (custom)
    Create a notification for this product.
    Hitachi Hitachi Virtual Storage Platform VX7, G1000, G1500, F1500 Affected: 0 , < DKCMAIN Ver.80-06-93-00/00-04, ISFC Ver.80-01-17 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-7737",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T15:04:02.928880Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T15:04:12.624Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Hitachi Virtual Storage Platform E990, E1090, E1090H",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver.93-07-21-80/00-05, CHB(iSCSI) Ver.88-01-02-04",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver.93-07-21-80/00-05, CHB(iSCSI) Ver.88-01-02-04",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver.93-07-01-80/00-07, CHB(iSCSI) Ver.88-01-02-04",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver.93-07-01-80/00-07, CHB(iSCSI) Ver.88-01-02-04",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver.93-06-82-80/00-06, CHB(iSCSI) Ver.88-01-02-04",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver.93-06-82-80/00-06, CHB(iSCSI) Ver.88-01-02-04",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver.93-06-63-80/00-04, CHB(iSCSI) Ver.88-01-02-04",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver.93-06-63-80/00-04, CHB(iSCSI) Ver.88-01-02-04",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hitachi Virtual Storage Platform E390, E590, E790, E390H, E590H, E790H",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver.93-07-21-x0/00-05, CHB(iSCSI) Ver.88-01-02-04",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver.93-07-21-x0/00-05, CHB(iSCSI) Ver.88-01-02-04",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver.93-07-01-x0/00-07, CHB(iSCSI) Ver.88-01-02-04",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver.93-07-01-x0/00-07, CHB(iSCSI) Ver.88-01-02-04",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver.93-06-82-x0/00-06, CHB(iSCSI) Ver.88-01-02-04",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver.93-06-82-x0/00-06, CHB(iSCSI) Ver.88-01-02-04",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver.93-06-63-x0/00-04, CHB(iSCSI) Ver.88-01-02-04",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver.93-06-63-x0/00-04, CHB(iSCSI) Ver.88-01-02-04",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver.93-07-24-x0/00-02, CHB(iSCSI) Ver.88-01-02-04",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver.93-07-24-x0/00-02, CHB(iSCSI) Ver.88-01-02-04",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver.93-07-02-x0/00-02, CHB(iSCSI) Ver.88-01-02-04",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver.93-07-02-x0/00-02, CHB(iSCSI) Ver.88-01-02-04",
                  "status": "affected",
                  "version": "0",
                  "versionType": "customDKCMAIN Ver.93-07-02-x0/00-02, CHB(iSCSI) Ver.88-01-02-04"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver.88-08-10-x0/00-05, CHB(iSCSI) Ver.88-01-02-04",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver.88-08-10-x0/00-05, CHB(iSCSI) Ver.88-01-02-04",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hitachi Virtual Storage Platform G100, G200, G400, G600, G800, F400, F600, F800",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver.83-06-20-x0/00-05, CHB(iSCSI) Ver.83-01-01-29",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver.83-06-20-x0/00-05, CHB(iSCSI) Ver.83-01-01-29",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hitachi Virtual Storage Platform VX8, 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver.90-09-01-00/01-01, CHB(iSCSI) Ver.90-01-01-07",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver.90-09-01-00/01-01, CHB(iSCSI) Ver.90-01-01-07",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver.90-08-83-00/01-01, CHB(iSCSI) Ver.90-01-01-07",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver.90-08-83-00/01-01, CHB(iSCSI) Ver.90-01-01-07",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver.90-08-63-00/01-01, CHB(iSCSI) Ver.90-01-01-07",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver.90-08-63-00/01-01, CHB(iSCSI) Ver.90-01-01-07",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hitachi Virtual Storage Platform VX7, G1000, G1500, F1500",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver.80-06-93-00/00-04, ISFC Ver.80-01-17",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver.80-06-93-00/00-04, ISFC Ver.80-01-17",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003eDoS Vulnerability in 10G iSCSI Interface of Hitachi Virtual Storage Platform.\u003c/div\u003e\u003cp\u003eThis issue affects Hitachi Virtual Storage Platform E990, E1090, E1090H: before DKCMAIN Ver.93-07-21-80/00-05, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-01-80/00-07, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-82-80/00-06, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-63-80/00-04, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform E390, E590, E790, E390H, E590H, E790H: before DKCMAIN Ver.93-07-21-x0/00-05, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-01-x0/00-07, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-82-x0/00-06, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-63-x0/00-04, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-24-x0/00-02, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-02-x0/00-02, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900: before DKCMAIN Ver.88-08-10-x0/00-05, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform G100, G200, G400, G600, G800, F400, F600, F800: before DKCMAIN Ver.83-06-20-x0/00-05, CHB(iSCSI) Ver.83-01-01-29; Hitachi Virtual Storage Platform VX8, 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H: before DKCMAIN Ver.90-09-01-00/01-01, CHB(iSCSI) Ver.90-01-01-07, before DKCMAIN Ver.90-08-83-00/01-01, CHB(iSCSI) Ver.90-01-01-07, before DKCMAIN Ver.90-08-63-00/01-01, CHB(iSCSI) Ver.90-01-01-07; Hitachi Virtual Storage Platform VX7, G1000, G1500, F1500: before DKCMAIN Ver.80-06-93-00/00-04, ISFC Ver.80-01-17.\u003c/p\u003e"
                }
              ],
              "value": "DoS Vulnerability in 10G iSCSI Interface of Hitachi Virtual Storage Platform.\n\n\n\nThis issue affects Hitachi Virtual Storage Platform E990, E1090, E1090H: before DKCMAIN Ver.93-07-21-80/00-05, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-01-80/00-07, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-82-80/00-06, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-63-80/00-04, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform E390, E590, E790, E390H, E590H, E790H: before DKCMAIN Ver.93-07-21-x0/00-05, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-01-x0/00-07, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-82-x0/00-06, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-63-x0/00-04, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-24-x0/00-02, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-02-x0/00-02, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900: before DKCMAIN Ver.88-08-10-x0/00-05, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform G100, G200, G400, G600, G800, F400, F600, F800: before DKCMAIN Ver.83-06-20-x0/00-05, CHB(iSCSI) Ver.83-01-01-29; Hitachi Virtual Storage Platform VX8, 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H: before DKCMAIN Ver.90-09-01-00/01-01, CHB(iSCSI) Ver.90-01-01-07, before DKCMAIN Ver.90-08-83-00/01-01, CHB(iSCSI) Ver.90-01-01-07, before DKCMAIN Ver.90-08-63-00/01-01, CHB(iSCSI) Ver.90-01-01-07; Hitachi Virtual Storage Platform VX7, G1000, G1500, F1500: before DKCMAIN Ver.80-06-93-00/00-04, ISFC Ver.80-01-17."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-482",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-482 TCP Flood"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770 Allocation of resources without limits or throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T05:13:38.611Z",
            "orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
            "shortName": "Hitachi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_312.html"
            }
          ],
          "source": {
            "advisory": "hitachi-sec-2026-312",
            "discovery": "UNKNOWN"
          },
          "title": "DoS Vulnerability in 10G iSCSI Interface of Hitachi Virtual Storage Platform",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
        "assignerShortName": "Hitachi",
        "cveId": "CVE-2025-7737",
        "datePublished": "2026-06-19T05:13:38.611Z",
        "dateReserved": "2025-07-17T05:09:06.792Z",
        "dateUpdated": "2026-06-22T15:04:12.624Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2255 (GCVE-0-2026-2255)

    Vulnerability from nvd – Published: 2026-05-27 02:51 – Updated: 2026-05-27 18:00
    VLAI
    Title
    Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials
    Summary
    Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Although the user should not see those explicitly, the defect is mitigated by the fact the user can already leverage those credentials to submit jobs under the same account through the backend API.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-522 - Insufficiently Protected Credentials
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Vantara Pentaho Data Integration and Analytics Affected: 1.0 , < 10.2.0.6 (maven)
    Affected: 10.0 , < 11.0.0 (maven)
    Create a notification for this product.
    Credits
    Hitachi Group Member
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2255",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T18:00:31.690560Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T18:00:39.061Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Pentaho Data Integration and Analytics",
              "vendor": "Hitachi Vantara",
              "versions": [
                {
                  "lessThan": "10.2.0.6",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "maven"
                },
                {
                  "lessThan": "11.0.0",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "maven"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Hitachi Group Member"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Hitachi Vantara Pentaho Data Integration \u0026amp; Analytics versions before 10.2.0.6 and 11.0.0.0, including\u0026nbsp;9.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Although\u0026nbsp;the user should not see those explicitly, the defect is mitigated by the fact the user can already\u0026nbsp;leverage those credentials to submit jobs under the same account through the backend API.\u0026nbsp;\u003cbr\u003e"
                }
              ],
              "value": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics versions before 10.2.0.6 and 11.0.0.0, including\u00a09.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Although\u00a0the user should not see those explicitly, the defect is mitigated by the fact the user can already\u00a0leverage those credentials to submit jobs under the same account through the backend API."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-102",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-102 Session Sidejacking"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "CWE-522: Insufficiently Protected Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T02:57:46.206Z",
            "orgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
            "shortName": "HITVAN"
          },
          "references": [
            {
              "url": "https://support.pentaho.com/hc/en-us/articles/45672235545101--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Insufficiently-Protected-Credentials-Versions-before-10-2-0-6-and-11-0-0-0-Impacted-CVE-2026-2255"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics - Insufficiently Protected Credentials",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
        "assignerShortName": "HITVAN",
        "cveId": "CVE-2026-2255",
        "datePublished": "2026-05-27T02:51:31.793Z",
        "dateReserved": "2026-02-09T15:09:09.473Z",
        "dateUpdated": "2026-05-27T18:00:39.061Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2254 (GCVE-0-2026-2254)

    Vulnerability from nvd – Published: 2026-05-27 02:46 – Updated: 2026-05-27 18:00
    VLAI
    Title
    Hitachi Vantara Pentaho Data Integration & Analytics - Incorrect Permission Assignment for Critical Resource
    Summary
    Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notfications.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Vantara Pentaho Data Integration and Analytics Affected: 1.0 , < 10.2.0.6 (maven)
    Affected: 10.0 , < 11.0.0.0 (maven)
    Create a notification for this product.
    Credits
    Hitachi Group Member
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2254",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T17:59:55.849274Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T18:00:14.572Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Pentaho Data Integration and Analytics",
              "vendor": "Hitachi Vantara",
              "versions": [
                {
                  "lessThan": "10.2.0.6",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "maven"
                },
                {
                  "lessThan": "11.0.0.0",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "maven"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Hitachi Group Member"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Hitachi Vantara Pentaho Data Integration \u0026amp; Analytics versions before 10.2.0.6 and 11.0.0.0, including\u0026nbsp;9.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notfications.\u0026nbsp;\u003cbr\u003e"
                }
              ],
              "value": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics versions before 10.2.0.6 and 11.0.0.0, including\u00a09.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notfications."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T02:46:36.132Z",
            "orgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
            "shortName": "HITVAN"
          },
          "references": [
            {
              "url": "https://support.pentaho.com/hc/en-us/articles/45676384909069--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Incorrect-Permission-Assignment-for-Critical-Resource-Versions-before-10-2-0-6-and-11-0-0-0-Impacted-CVE-2026-2254?brand_id=1928686"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics - Incorrect Permission Assignment for Critical  Resource",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
        "assignerShortName": "HITVAN",
        "cveId": "CVE-2026-2254",
        "datePublished": "2026-05-27T02:46:36.132Z",
        "dateReserved": "2026-02-09T15:09:08.406Z",
        "dateUpdated": "2026-05-27T18:00:14.572Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2253 (GCVE-0-2026-2253)

    Vulnerability from nvd – Published: 2026-05-27 02:54 – Updated: 2026-05-27 18:00
    VLAI
    Title
    Hitachi Vantara Pentaho Data Integration & Analytics - Improper Restriction of XML External Entity Reference
    Summary
    Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, does not prevent certain XML parsers from resolving external entities.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-611 - Improper restriction of XML external entity reference
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Vantara Pentaho Data Integration and Analytics Affected: 1.0 , < 10.2.0.7 (maven)
    Affected: 10.0 , < 11.0.0 (maven)
    Create a notification for this product.
    Credits
    Hitachi Group Member
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2253",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T18:00:51.429151Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T18:00:59.490Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Pentaho Data Integration and Analytics",
              "vendor": "Hitachi Vantara",
              "versions": [
                {
                  "lessThan": "10.2.0.7",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "maven"
                },
                {
                  "lessThan": "11.0.0",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "maven"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Hitachi Group Member"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Hitachi Vantara Pentaho Data Integration \u0026amp; Analytics versions before 10.2.0.7 and 11.0.0.0, including\u0026nbsp;9.3.x and 8.3.x, does not prevent certain XML parsers from resolving external entities.\u0026nbsp;\u003cbr\u003e"
                }
              ],
              "value": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics versions before 10.2.0.7 and 11.0.0.0, including\u00a09.3.x and 8.3.x, does not prevent certain XML parsers from resolving external entities."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-201",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-201 Serialized Data External Linking"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-611",
                  "description": "CWE-611 Improper restriction of XML external entity reference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T02:54:25.857Z",
            "orgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
            "shortName": "HITVAN"
          },
          "references": [
            {
              "url": "https://support.pentaho.com/hc/en-us/articles/45677548193933--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Improper-Restriction-of-XML-External-Entity-Reference-Versions-before-10-2-0-7-and-11-0-0-0-Impacted-CVE-2026-2253"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics - Improper Restriction of XML External Entity  Reference",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
        "assignerShortName": "HITVAN",
        "cveId": "CVE-2026-2253",
        "datePublished": "2026-05-27T02:54:25.857Z",
        "dateReserved": "2026-02-09T15:09:06.755Z",
        "dateUpdated": "2026-05-27T18:00:59.490Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3314 (GCVE-0-2026-3314)

    Vulnerability from nvd – Published: 2026-05-26 05:57 – Updated: 2026-05-26 12:22
    VLAI
    Title
    Missing Password Masking in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer and Hitachi Ops Center Analyzer viewpoint
    Summary
    Missing password field masking vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe modules), Hitachi Ops Center Analyzer viewpoint, Hitachi Infrastructure Analytics Advisor (Data Center Analytics, Analytics probe modules). This issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.8-00; Hitachi Ops Center Analyzer viewpoint: from 10.8.1-00 before 11.0.8-00; Hitachi Infrastructure Analytics Advisor: from 3.2.0-00 before 11.0.8-00.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-549 - Missing password field masking
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3314",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T12:21:39.028766Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T12:22:47.157Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Hitachi Ops Center Analyzer detail view",
                "Hitachi Ops Center Analyzer probe"
              ],
              "platforms": [
                "Linux",
                "64 bit"
              ],
              "product": "Hitachi Ops Center Analyzer",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "11.0.8-00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.0.8-00",
                  "status": "affected",
                  "version": "10.0.0-00",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux",
                "64 bit"
              ],
              "product": "Hitachi Ops Center Analyzer viewpoint",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "11.0.8-00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.0.8-00",
                  "status": "affected",
                  "version": "10.8.1-00",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Data Center Analytics",
                "Analytics probe"
              ],
              "platforms": [
                "Linux",
                "64 bit"
              ],
              "product": "Hitachi Infrastructure Analytics Advisor",
              "vendor": "Hitachi",
              "versions": [
                {
                  "lessThan": "11.0.8-00",
                  "status": "affected",
                  "version": "3.2.0-00",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing password field masking vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe modules), Hitachi Ops Center Analyzer viewpoint, Hitachi Infrastructure Analytics Advisor (Data Center Analytics, Analytics probe modules).\u003cp\u003eThis issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.8-00; Hitachi Ops Center Analyzer viewpoint: from 10.8.1-00 before 11.0.8-00; Hitachi Infrastructure Analytics Advisor: from 3.2.0-00 before 11.0.8-00.\u003c/p\u003e"
                }
              ],
              "value": "Missing password field masking vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe modules), Hitachi Ops Center Analyzer viewpoint, Hitachi Infrastructure Analytics Advisor (Data Center Analytics, Analytics probe modules).\n\nThis issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.8-00; Hitachi Ops Center Analyzer viewpoint: from 10.8.1-00 before 11.0.8-00; Hitachi Infrastructure Analytics Advisor: from 3.2.0-00 before 11.0.8-00."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-555",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-555 Remote Services with Stolen Credentials"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-549",
                  "description": "CWE-549 Missing password field masking",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-26T05:57:09.752Z",
            "orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
            "shortName": "Hitachi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2026-120/index.html"
            }
          ],
          "source": {
            "advisory": "hitachi-sec-2026-120",
            "discovery": "UNKNOWN"
          },
          "title": "Missing Password Masking in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer and Hitachi Ops Center Analyzer viewpoint",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
        "assignerShortName": "Hitachi",
        "cveId": "CVE-2026-3314",
        "datePublished": "2026-05-26T05:57:09.752Z",
        "dateReserved": "2026-02-27T06:34:14.106Z",
        "dateUpdated": "2026-05-26T12:22:47.157Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-11159 (GCVE-0-2025-11159)

    Vulnerability from nvd – Published: 2026-05-13 05:36 – Updated: 2026-05-13 14:44
    VLAI
    Title
    Hitachi Vantara Pentaho Data Integration & Analytics - Dependency on Vulnerable Third-Party Component
    Summary
    Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data source administrator.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1395 - Dependency on Vulnerable Third-Party Component
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Vantara Pentaho Data Integration and Analytics Affected: 1.0 , < 10.2.0.7 (maven)
    Affected: 1.0 , < 11.0 (maven)
    Create a notification for this product.
    Credits
    Nir Zadok (nirza) and Moshe Siman Tov Bustan from OX Security
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11159",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T14:44:30.743315Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T14:44:36.235Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Pentaho Data Integration and Analytics",
              "vendor": "Hitachi Vantara",
              "versions": [
                {
                  "lessThan": "10.2.0.7",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "maven"
                },
                {
                  "lessThan": "11.0",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "maven"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Nir Zadok (nirza) and Moshe Siman Tov Bustan  from OX Security"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Hitachi Vantara Pentaho Data Integration \u0026amp; Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a\u0026nbsp;data source administrator."
                }
              ],
              "value": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a\u00a0data source administrator."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-310",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-310 Scanning for Vulnerable Software"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1395",
                  "description": "CWE-1395: Dependency on Vulnerable Third-Party Component",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-13T05:36:43.720Z",
            "orgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
            "shortName": "HITVAN"
          },
          "references": [
            {
              "url": "https://support.pentaho.com/hc/en-us/articles/39954640408077--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Dependency-on-Vulnerable-Third-Party-Component-Versions-before-10-2-0-7-and-11-0-0-0-Impacted-CVE-2025-11159"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics - Dependency on Vulnerable Third-Party  Component",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
        "assignerShortName": "HITVAN",
        "cveId": "CVE-2025-11159",
        "datePublished": "2026-05-13T05:36:43.720Z",
        "dateReserved": "2025-09-29T14:53:44.917Z",
        "dateUpdated": "2026-05-13T14:44:36.235Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-2514 (GCVE-0-2025-2514)

    Vulnerability from nvd – Published: 2026-05-07 07:30 – Updated: 2026-05-07 13:41
    VLAI
    Title
    Improper Restriction of Excessive Authentication Attempts vulnerability in Hitachi Virtual Storage Platform
    Summary
    Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28. This issue affects Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28  : before DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00, before DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00, before DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00, before DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00, before DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-307 - Improper restriction of excessive authentication attempts
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900 Affected: 0 , < DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00 (custom)
    Affected: 0 , < DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00 (custom)
    Affected: 0 , < DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00 (custom)
    Affected: 0 , < DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00 (custom)
    Affected: 0 , < DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00 (custom)
    Create a notification for this product.
    Hitachi Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H Affected: 0 , < DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00 (custom)
    Affected: 0 , < DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00 (custom)
    Affected: 0 , < DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00 (custom)
    Affected: 0 , < DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00 (custom)
    Affected: 0 , < DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00 (custom)
    Create a notification for this product.
    Hitachi Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28 Affected: 0 , < DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00 (custom)
    Affected: 0 , < DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00 (custom)
    Affected: 0 , < DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00 (custom)
    Affected: 0 , < DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00 (custom)
    Affected: 0 , < DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2514",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-07T13:41:07.277696Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-07T13:41:12.214Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28.\u003cp\u003eThis issue affects Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900,\u0026nbsp;Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28\u0026nbsp; : before DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00, before DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00, before DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00, before DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00, before DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00.\u003c/p\u003e"
                }
              ],
              "value": "Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28.\n\nThis issue affects Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900,\u00a0Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28\u00a0 : before DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00, before DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00, before DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00, before DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00, before DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-49",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-49 Password Brute Forcing"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-307",
                  "description": "CWE-307 Improper restriction of excessive authentication attempts",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-07T07:30:28.144Z",
            "orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
            "shortName": "Hitachi"
          },
          "references": [
            {
              "url": "https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_306.html"
            }
          ],
          "source": {
            "advisory": "hitachi-sec-2026-306",
            "discovery": "UNKNOWN"
          },
          "title": "Improper Restriction of Excessive Authentication Attempts vulnerability in Hitachi Virtual Storage Platform",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
        "assignerShortName": "Hitachi",
        "cveId": "CVE-2025-2514",
        "datePublished": "2026-05-07T07:30:28.144Z",
        "dateReserved": "2025-03-19T01:13:12.468Z",
        "dateUpdated": "2026-05-07T13:41:12.214Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-1978 (GCVE-0-2025-1978)

    Vulnerability from nvd – Published: 2026-05-07 08:05 – Updated: 2026-05-07 13:40
    VLAI
    Title
    Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console
    Summary
    Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28. This issue affects Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28  : before DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00, before DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00, before DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00, before DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00, before DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900 Affected: 0 , < DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00 (custom)
    Affected: 0 , < DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00 (custom)
    Affected: 0 , < DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00 (custom)
    Affected: 0 , < DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00 (custom)
    Affected: 0 , < DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00 (custom)
    Create a notification for this product.
    Hitachi Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H Affected: 0 , < DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00 (custom)
    Affected: 0 , < DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00 (custom)
    Affected: 0 , < DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00 (custom)
    Affected: 0 , < DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00 (custom)
    Affected: 0 , < DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00 (custom)
    Create a notification for this product.
    Hitachi Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28 Affected: 0 , < DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00 (custom)
    Affected: 0 , < DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00 (custom)
    Affected: 0 , < DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00 (custom)
    Affected: 0 , < DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00 (custom)
    Affected: 0 , < DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00 (custom)
    Create a notification for this product.
    Credits
    Thomas Josef Riedmaier, Siemens Energy.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-1978",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-07T13:39:55.440215Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-07T13:40:00.385Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Thomas Josef Riedmaier, Siemens Energy."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28.\u003cp\u003eThis issue affects Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900,\u0026nbsp;Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28\u0026nbsp; : before DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00, before DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00, before DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00, before DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00, before DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00\u003cspan\u003e.\u003c/span\u003e\u003c/p\u003e"
                }
              ],
              "value": "Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28.\n\nThis issue affects Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900,\u00a0Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28\u00a0 : before DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00, before DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00, before DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00, before DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00, before DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242 Code Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-07T08:05:42.743Z",
            "orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
            "shortName": "Hitachi"
          },
          "references": [
            {
              "url": "https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_307.html"
            }
          ],
          "source": {
            "advisory": "hitachi-sec-2026-307",
            "discovery": "EXTERNAL"
          },
          "title": "Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
        "assignerShortName": "Hitachi",
        "cveId": "CVE-2025-1978",
        "datePublished": "2026-05-07T08:05:42.743Z",
        "dateReserved": "2025-03-05T03:18:02.426Z",
        "dateUpdated": "2026-05-07T13:40:00.385Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-9661 (GCVE-0-2025-9661)

    Vulnerability from nvd – Published: 2026-05-07 07:08 – Updated: 2026-05-07 13:02
    VLAI
    Title
    OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23/24/26/28
    Summary
    OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28. This issue affects Hitachi Virtual Storage Platform One Block 23/24/26/28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper neutralization of special elements used in an OS command ('OS command injection')
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Hitachi Virtual Storage Platform One Block 23 Affected: 0 , < DKCMAIN A3-04-21-40/00, ESM A3-04-21/00 (custom)
    Create a notification for this product.
    Hitachi Hitachi Virtual Storage Platform One Block 24 Affected: 0 , < DKCMAIN A3-04-21-40/00, ESM A3-04-21/00 (custom)
    Create a notification for this product.
    Hitachi Hitachi Virtual Storage Platform One Block 26 Affected: 0 , < DKCMAIN A3-04-21-40/00, ESM A3-04-21/00 (custom)
    Create a notification for this product.
    Hitachi Hitachi Virtual Storage Platform One Block 28 Affected: 0 , < DKCMAIN A3-04-21-40/00, ESM A3-04-21/00 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9661",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-07T13:02:14.993613Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-07T13:02:35.204Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Hitachi Virtual Storage Platform One Block 23",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hitachi Virtual Storage Platform One Block 24",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hitachi Virtual Storage Platform One Block 26",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hitachi Virtual Storage Platform One Block 28",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003eOS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28.\u003c/div\u003e\u003cdiv\u003e\u003cspan\u003eThis issue affects Hitachi Virtual Storage Platform One Block 23/24/26/28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00.\u003c/span\u003e\u003c/div\u003e"
                }
              ],
              "value": "OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28.\n\nThis issue affects Hitachi Virtual Storage Platform One Block 23/24/26/28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper neutralization of special elements used in an OS command (\u0027OS command injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-07T07:08:14.823Z",
            "orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
            "shortName": "Hitachi"
          },
          "references": [
            {
              "url": "https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_309.html"
            }
          ],
          "source": {
            "advisory": "hitachi-sec-2026-309",
            "discovery": "UNKNOWN"
          },
          "title": "OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23/24/26/28",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
        "assignerShortName": "Hitachi",
        "cveId": "CVE-2025-9661",
        "datePublished": "2026-05-07T07:08:14.823Z",
        "dateReserved": "2025-08-29T07:14:42.691Z",
        "dateUpdated": "2026-05-07T13:02:35.204Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-65116 (GCVE-0-2025-65116)

    Vulnerability from nvd – Published: 2026-04-07 05:43 – Updated: 2026-04-07 13:25
    VLAI
    Title
    Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 and JP1/NETM/DM
    Summary
    Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows.This issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-763 - Release of invalid pointer or reference
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi JP1/IT Desktop Management 2 - Manager Affected: 13-50 , < 13-50-02 (custom)
    Affected: 13-11 , < 13-11-04 (custom)
    Affected: 13-10 , < 13-10-07 (custom)
    Affected: 13-01 , < 13-01-07 (custom)
    Affected: 13-00 , < 13-00-05 (custom)
    Affected: 12-60 , < 12-60-12 (custom)
    Affected: 10-50 , ≤ 12-50-11 (custom)
    Create a notification for this product.
    Hitachi JP1/IT Desktop Management 2 - Operations Director Affected: 13-50 , < 13-50-02 (custom)
    Affected: 13-11 , < 13-11-04 (custom)
    Affected: 13-10 , < 13-10-07 (custom)
    Affected: 13-01 , < 13-01-07 (custom)
    Affected: 13-00 , < 13-00-05 (custom)
    Affected: 12-60 , < 12-60-12 (custom)
    Affected: 10-50 , ≤ 12-50-11 (custom)
    Create a notification for this product.
    Hitachi Job Management Partner 1/IT Desktop Management 2 - Manager Affected: 10-50 , ≤ 10-50-11 (custom)
    Create a notification for this product.
    Hitachi JP1/IT Desktop Management - Manager Affected: 09-50 , ≤ 10-10-16 (custom)
    Create a notification for this product.
    Hitachi Job Management Partner 1/IT Desktop Management - Manager Affected: 09-50 , ≤ 10-10-16 (custom)
    Create a notification for this product.
    Hitachi JP1/NETM/DM Manager Affected: 09-00 , ≤ 10-20-02 (custom)
    Create a notification for this product.
    Hitachi JP1/NETM/DM Client Affected: 09-00 , ≤ 10-20-02 (custom)
    Create a notification for this product.
    Hitachi Job Management Partner 1/Software Distribution Manager Affected: 09-00 , ≤ 09-51-13 (custom)
    Create a notification for this product.
    Hitachi Job Management Partner 1/Software Distribution Client Affected: 09-00 , ≤ 09-51-13 (custom)
    Create a notification for this product.
    Credits
    Ruslan Sayfiev Denis Faiustov
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-65116",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-07T13:25:49.919013Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-07T13:25:56.036Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "JP1/IT Desktop Management 2 - Manager",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "13-50-02",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "13-50-02",
                  "status": "affected",
                  "version": "13-50",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "13-11-04",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "13-11-04",
                  "status": "affected",
                  "version": "13-11",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "13-10-07",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "13-10-07",
                  "status": "affected",
                  "version": "13-10",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "13-01-07",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "13-01-07",
                  "status": "affected",
                  "version": "13-01",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "13-00-05",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "13-00-05",
                  "status": "affected",
                  "version": "13-00",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "12-60-12",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "12-60-12",
                  "status": "affected",
                  "version": "12-60",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "12-50-11",
                  "status": "affected",
                  "version": "10-50",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "JP1/IT Desktop Management 2 - Operations Director",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "13-50-02",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "13-50-02",
                  "status": "affected",
                  "version": "13-50",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "13-11-04",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "13-11-04",
                  "status": "affected",
                  "version": "13-11",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "13-10-07",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "13-10-07",
                  "status": "affected",
                  "version": "13-10",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "13-01-07",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "13-01-07",
                  "status": "affected",
                  "version": "13-01",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "13-00-05",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "13-00-05",
                  "status": "affected",
                  "version": "13-00",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "12-60-12",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "12-60-12",
                  "status": "affected",
                  "version": "12-60",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "12-50-11",
                  "status": "affected",
                  "version": "10-50",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Job Management Partner 1/IT Desktop Management 2 - Manager",
              "vendor": "Hitachi",
              "versions": [
                {
                  "lessThanOrEqual": "10-50-11",
                  "status": "affected",
                  "version": "10-50",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "JP1/IT Desktop Management - Manager",
              "vendor": "Hitachi",
              "versions": [
                {
                  "lessThanOrEqual": "10-10-16",
                  "status": "affected",
                  "version": "09-50",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Job Management Partner 1/IT Desktop Management - Manager",
              "vendor": "Hitachi",
              "versions": [
                {
                  "lessThanOrEqual": "10-10-16",
                  "status": "affected",
                  "version": "09-50",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "JP1/NETM/DM Manager",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "10-30",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "10-20-02",
                  "status": "affected",
                  "version": "09-00",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "JP1/NETM/DM Client",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "10-30",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "10-20-02",
                  "status": "affected",
                  "version": "09-00",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Job Management Partner 1/Software Distribution Manager",
              "vendor": "Hitachi",
              "versions": [
                {
                  "lessThanOrEqual": "09-51-13",
                  "status": "affected",
                  "version": "09-00",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Job Management Partner 1/Software Distribution Client",
              "vendor": "Hitachi",
              "versions": [
                {
                  "lessThanOrEqual": "09-51-13",
                  "status": "affected",
                  "version": "09-00",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Ruslan Sayfiev"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Denis Faiustov"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows.\u003cp\u003eThis issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13.\u003c/p\u003e"
                }
              ],
              "value": "Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows.This issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-763",
                  "description": "CWE-763 Release of invalid pointer or reference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-07T05:43:25.553Z",
            "orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
            "shortName": "Hitachi"
          },
          "references": [
            {
              "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2026-118/index.html"
            }
          ],
          "source": {
            "advisory": "hitachi-sec-2026-118",
            "discovery": "EXTERNAL"
          },
          "title": "Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 and JP1/NETM/DM",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
        "assignerShortName": "Hitachi",
        "cveId": "CVE-2025-65116",
        "datePublished": "2026-04-07T05:43:25.553Z",
        "dateReserved": "2025-11-18T01:27:41.899Z",
        "dateUpdated": "2026-04-07T13:25:56.036Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-65115 (GCVE-0-2025-65115)

    Vulnerability from nvd – Published: 2026-04-07 05:19 – Updated: 2026-04-07 13:26
    VLAI
    Title
    Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 and JP1/NETM/DM
    Summary
    Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows.This issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - External control of file name or path
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi JP1/IT Desktop Management 2 - Manager Affected: 13-50 , < 13-50-02 (custom)
    Affected: 13-11 , < 13-11-04 (custom)
    Affected: 13-10 , < 13-10-07 (custom)
    Affected: 13-01 , < 13-01-07 (custom)
    Affected: 13-00 , < 13-00-05 (custom)
    Affected: 12-60 , < 12-60-12 (custom)
    Affected: 10-50 , ≤ 12-50-11 (custom)
    Create a notification for this product.
    Hitachi JP1/IT Desktop Management 2 - Operations Director Affected: 13-50 , < 13-50-02 (custom)
    Affected: 13-11 , < 13-11-04 (custom)
    Affected: 13-10 , < 13-10-07 (custom)
    Affected: 13-01 , < 13-01-07 (custom)
    Affected: 13-00 , < 13-00-05 (custom)
    Affected: 12-60 , < 12-60-12 (custom)
    Affected: 10-50 , ≤ 12-50-11 (custom)
    Create a notification for this product.
    Hitachi Job Management Partner 1/IT Desktop Management 2 - Manager Affected: 10-50 , ≤ 10-50-11 (custom)
    Create a notification for this product.
    Hitachi JP1/IT Desktop Management - Manager Affected: 09-50 , ≤ 10-10-16 (custom)
    Create a notification for this product.
    Hitachi Job Management Partner 1/IT Desktop Management - Manager Affected: 09-50 , ≤ 10-10-16 (custom)
    Create a notification for this product.
    Hitachi JP1/NETM/DM Manager Affected: 09-00 , ≤ 10-20-02 (custom)
    Create a notification for this product.
    Hitachi JP1/NETM/DM Client Affected: 09-00 , ≤ 10-20-02 (custom)
    Create a notification for this product.
    Hitachi Job Management Partner 1/Software Distribution Manager Affected: 09-00 , ≤ 09-51-13 (custom)
    Create a notification for this product.
    Hitachi Job Management Partner 1/Software Distribution Client Affected: 09-00 , ≤ 09-51-13 (custom)
    Create a notification for this product.
    Credits
    Ruslan Sayfiev Denis Faiustov
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-65115",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-07T13:26:13.754013Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-07T13:26:20.981Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "JP1/IT Desktop Management 2 - Manager",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "13-50-02",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "13-50-02",
                  "status": "affected",
                  "version": "13-50",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "13-11-04",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "13-11-04",
                  "status": "affected",
                  "version": "13-11",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "13-10-07",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "13-10-07",
                  "status": "affected",
                  "version": "13-10",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "13-01-07",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "13-01-07",
                  "status": "affected",
                  "version": "13-01",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "13-00-05",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "13-00-05",
                  "status": "affected",
                  "version": "13-00",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "12-60-12",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "12-60-12",
                  "status": "affected",
                  "version": "12-60",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "12-50-11",
                  "status": "affected",
                  "version": "10-50",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "JP1/IT Desktop Management 2 - Operations Director",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "13-50-02",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "13-50-02",
                  "status": "affected",
                  "version": "13-50",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "13-11-04",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "13-11-04",
                  "status": "affected",
                  "version": "13-11",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "13-10-07",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "13-10-07",
                  "status": "affected",
                  "version": "13-10",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "13-01-07",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "13-01-07",
                  "status": "affected",
                  "version": "13-01",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "13-00-05",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "13-00-05",
                  "status": "affected",
                  "version": "13-00",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "12-60-12",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "12-60-12",
                  "status": "affected",
                  "version": "12-60",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "12-50-11",
                  "status": "affected",
                  "version": "10-50",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Job Management Partner 1/IT Desktop Management 2 - Manager",
              "vendor": "Hitachi",
              "versions": [
                {
                  "lessThanOrEqual": "10-50-11",
                  "status": "affected",
                  "version": "10-50",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "JP1/IT Desktop Management - Manager",
              "vendor": "Hitachi",
              "versions": [
                {
                  "lessThanOrEqual": "10-10-16",
                  "status": "affected",
                  "version": "09-50",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Job Management Partner 1/IT Desktop Management - Manager",
              "vendor": "Hitachi",
              "versions": [
                {
                  "lessThanOrEqual": "10-10-16",
                  "status": "affected",
                  "version": "09-50",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "JP1/NETM/DM Manager",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "10-30",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "10-20-02",
                  "status": "affected",
                  "version": "09-00",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "JP1/NETM/DM Client",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "10-30",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "10-20-02",
                  "status": "affected",
                  "version": "09-00",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Job Management Partner 1/Software Distribution Manager",
              "vendor": "Hitachi",
              "versions": [
                {
                  "lessThanOrEqual": "09-51-13",
                  "status": "affected",
                  "version": "09-00",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Job Management Partner 1/Software Distribution Client",
              "vendor": "Hitachi",
              "versions": [
                {
                  "lessThanOrEqual": "09-51-13",
                  "status": "affected",
                  "version": "09-00",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Ruslan Sayfiev"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Denis Faiustov"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Remote Code Execution Vulnerability\u0026nbsp;in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows.\u003cp\u003eThis issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13.\u003c/p\u003e"
                }
              ],
              "value": "Remote Code Execution Vulnerability\u00a0in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows.This issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73 External control of file name or path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-07T05:19:50.413Z",
            "orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
            "shortName": "Hitachi"
          },
          "references": [
            {
              "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2026-118/index.html"
            }
          ],
          "source": {
            "advisory": "hitachi-sec-2026-118",
            "discovery": "EXTERNAL"
          },
          "title": "Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 and JP1/NETM/DM",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
        "assignerShortName": "Hitachi",
        "cveId": "CVE-2025-65115",
        "datePublished": "2026-04-07T05:19:50.413Z",
        "dateReserved": "2025-11-18T01:27:41.899Z",
        "dateUpdated": "2026-04-07T13:26:20.981Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2072 (GCVE-0-2026-2072)

    Vulnerability from nvd – Published: 2026-03-25 02:15 – Updated: 2026-03-25 13:29
    VLAI
    Title
    Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer
    Summary
    Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor (Analytics probe component), Hitachi Ops Center Analyzer.This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.5-00.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper neutralization of input during web page generation ('cross-site scripting')
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2072",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-25T13:29:10.197265Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-25T13:29:19.385Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Analytics probe"
              ],
              "platforms": [
                "Linux",
                "64 bit"
              ],
              "product": "Hitachi Infrastructure Analytics Advisor",
              "vendor": "Hitachi",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux",
                "64 bit"
              ],
              "product": "Hitachi Ops Center Analyzer",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "11.0.5-00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.0.5-00",
                  "status": "affected",
                  "version": "10.0.0-00",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor (Analytics probe component), Hitachi Ops Center Analyzer.\u003cp\u003eThis issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.5-00.\u003c/p\u003e"
                }
              ],
              "value": "Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor (Analytics probe component), Hitachi Ops Center Analyzer.This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.5-00."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63 Cross-Site Scripting (XSS)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-25T02:15:44.430Z",
            "orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
            "shortName": "Hitachi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2026-114/index.html"
            }
          ],
          "source": {
            "advisory": "hitachi-sec-2026-114",
            "discovery": "UNKNOWN"
          },
          "title": "Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
        "assignerShortName": "Hitachi",
        "cveId": "CVE-2026-2072",
        "datePublished": "2026-03-25T02:15:44.430Z",
        "dateReserved": "2026-02-06T07:41:41.771Z",
        "dateUpdated": "2026-03-25T13:29:19.385Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-1166 (GCVE-0-2026-1166)

    Vulnerability from nvd – Published: 2026-03-25 02:07 – Updated: 2026-03-25 13:30
    VLAI
    Title
    Open Redirect Vulnerability in Hitachi Ops Center Administrator
    Summary
    Open Redirect vulnerability in Hitachi Ops Center Administrator.This issue affects Hitachi Ops Center Administrator: from 10.2.0 before 11.0.8.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-601 - URL redirection to untrusted site ('open redirect')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Hitachi Hitachi Ops Center Administrator Affected: 10.2.0 , < 11.0.8 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-1166",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-25T13:30:17.223904Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-25T13:30:24.956Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux"
              ],
              "product": "Hitachi Ops Center Administrator",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "11.0.8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.0.8",
                  "status": "affected",
                  "version": "10.2.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Open Redirect vulnerability in Hitachi Ops Center Administrator.\u003cp\u003eThis issue affects Hitachi Ops Center Administrator: from 10.2.0 before 11.0.8.\u003c/p\u003e"
                }
              ],
              "value": "Open Redirect vulnerability in Hitachi Ops Center Administrator.This issue affects Hitachi Ops Center Administrator: from 10.2.0 before 11.0.8."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-98",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-98 Phishing"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "CWE-601 URL redirection to untrusted site (\u0027open redirect\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-25T02:07:10.895Z",
            "orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
            "shortName": "Hitachi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2026-113/index.html"
            }
          ],
          "source": {
            "advisory": "hitachi-sec-2026-113",
            "discovery": "UNKNOWN"
          },
          "title": "Open Redirect Vulnerability in Hitachi Ops Center Administrator",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
        "assignerShortName": "Hitachi",
        "cveId": "CVE-2026-1166",
        "datePublished": "2026-03-25T02:07:10.895Z",
        "dateReserved": "2026-01-19T05:00:10.434Z",
        "dateUpdated": "2026-03-25T13:30:24.956Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-2902 (GCVE-0-2025-2902)

    Vulnerability from cvelistv5 – Published: 2026-06-29 05:52 – Updated: 2026-06-29 12:40
    VLAI
    Title
    Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform
    Summary
    Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform. This issue affects Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H: before DKCMAIN Ver. 93-07-26-xx/00, GUM Ver. 93-07-26/00; Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H: before DKCMAIN Ver. 90-09-27-00/00, GUM Ver. 90-09-27/00; Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900: before DKCMAIN Ver. 88-08-16-xx/00, GUM Ver. 88-08-20/00.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2902",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-29T12:39:47.151090Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-29T12:40:09.069Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver. 93-07-26-xx/00, GUM Ver. 93-07-26/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver. 93-07-26-xx/00, GUM Ver. 93-07-26/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver. 90-09-27-00/00, GUM Ver. 90-09-27/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver. 90-09-27-00/00, GUM Ver. 90-09-27/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver. 88-08-16-xx/00, GUM Ver. 88-08-20/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver. 88-08-16-xx/00, GUM Ver. 88-08-20/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform.\u003cp\u003eThis issue affects Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H: before DKCMAIN Ver. 93-07-26-xx/00, GUM Ver. 93-07-26/00; Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H: before DKCMAIN Ver. 90-09-27-00/00, GUM Ver. 90-09-27/00; Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900: before DKCMAIN Ver. 88-08-16-xx/00, GUM Ver. 88-08-20/00.\u003c/p\u003e"
                }
              ],
              "value": "Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform.\n\nThis issue affects Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H: before DKCMAIN Ver. 93-07-26-xx/00, GUM Ver. 93-07-26/00; Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H: before DKCMAIN Ver. 90-09-27-00/00, GUM Ver. 90-09-27/00; Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900: before DKCMAIN Ver. 88-08-16-xx/00, GUM Ver. 88-08-20/00."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-29T05:52:39.570Z",
            "orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
            "shortName": "Hitachi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_305.html"
            }
          ],
          "source": {
            "advisory": "hitachi-sec-2026-305",
            "discovery": "UNKNOWN"
          },
          "title": "Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
        "assignerShortName": "Hitachi",
        "cveId": "CVE-2025-2902",
        "datePublished": "2026-06-29T05:52:39.570Z",
        "dateReserved": "2025-03-28T06:25:15.368Z",
        "dateUpdated": "2026-06-29T12:40:09.069Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-0824 (GCVE-0-2025-0824)

    Vulnerability from cvelistv5 – Published: 2026-06-29 05:34 – Updated: 2026-06-29 12:38
    VLAI
    Title
    lack of validation for firmware update in Hitachi Virtual Storage
    Summary
    Lack of validation for firmware update in Hitachi Hitachi Virtual Storage Platform One Block 23, 24, 26, 28. This issue affects Hitachi Virtual Storage Platform One Block 23, 24, 26, 28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Improper verification of cryptographic signature
    Assigner
    References
    Impacted products
    Vendor Product Version
    Hitachi Hitachi Virtual Storage Platform One Block 23, 24, 26, 28 Affected: 0 , < DKCMAIN A3-04-21-40/00, ESM A3-04-21/00 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0824",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-29T12:38:22.989556Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-29T12:38:48.701Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Hitachi Virtual Storage Platform One Block 23, 24, 26, 28",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Lack of validation for firmware update\u0026nbsp;in Hitachi Hitachi Virtual Storage Platform One Block 23, 24, 26, 28.\u003cp\u003eThis issue affects Hitachi Virtual Storage Platform One Block 23, 24, 26, 28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00.\u003c/p\u003e"
                }
              ],
              "value": "Lack of validation for firmware update\u00a0in Hitachi Hitachi Virtual Storage Platform One Block 23, 24, 26, 28.\n\nThis issue affects Hitachi Virtual Storage Platform One Block 23, 24, 26, 28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-473",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-473 Signature Spoof"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347 Improper verification of cryptographic signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-29T05:34:34.668Z",
            "orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
            "shortName": "Hitachi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_308.html"
            }
          ],
          "source": {
            "advisory": "hitachi-sec-2026-308",
            "discovery": "UNKNOWN"
          },
          "title": "lack of validation for firmware update in Hitachi Virtual Storage",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
        "assignerShortName": "Hitachi",
        "cveId": "CVE-2025-0824",
        "datePublished": "2026-06-29T05:34:34.668Z",
        "dateReserved": "2025-01-29T07:25:51.664Z",
        "dateUpdated": "2026-06-29T12:38:48.701Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-7386 (GCVE-0-2025-7386)

    Vulnerability from cvelistv5 – Published: 2026-06-29 05:22 – Updated: 2026-06-29 12:36
    VLAI
    Title
    Information exposure vulnerability in Hitachi Storage Navigator
    Summary
    Information exposure vulnerability in Hitachi Storage Navigator. This issue affects Hitachi Virtual Storage Platform 5100, 5200, 5500, 5600, 5100H, 5200H, 5500H, 5600H, VX8: before DKCMAIN Ver. 90-09-24-00/00, SVP Ver. 90-09-24/00, before DKCMAIN Ver. 90-08-86-00/00, SVP Ver. 90-08-86/00; Hitachi Virtual Storage Platform G1000, G1500, F1500, VX7: before DKCMAIN Ver. 80-06-96-00/00, SVP Ver. 80-06-91/00.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-522 - Insufficiently Protected Credentials
    Assigner
    References
    Impacted products
    Vendor Product Version
    Hitachi Hitachi Virtual Storage Platform 5100, 5200, 5500, 5600, 5100H, 5200H, 5500H, 5600H, VX8 Affected: 0 , < DKCMAIN Ver. 90-09-24-00/00, SVP Ver. 90-09-24/00 (custom)
    Affected: 0 , < DKCMAIN Ver. 90-08-86-00/00, SVP Ver. 90-08-86/00 (custom)
    Create a notification for this product.
    Hitachi Hitachi Virtual Storage Platform G1000, G1500, F1500, VX7 Affected: 0 , < DKCMAIN Ver. 80-06-96-00/00, SVP Ver. 80-06-91/00 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-7386",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-29T12:35:44.062299Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-29T12:36:33.277Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Hitachi Virtual Storage Platform 5100, 5200, 5500, 5600, 5100H, 5200H, 5500H, 5600H, VX8",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver. 90-09-24-00/00, SVP Ver. 90-09-24/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver. 90-09-24-00/00, SVP Ver. 90-09-24/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver. 90-08-86-00/00, SVP Ver. 90-08-86/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver. 90-08-86-00/00, SVP Ver. 90-08-86/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hitachi Virtual Storage Platform G1000, G1500, F1500, VX7",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver. 80-06-96-00/00, SVP Ver. 80-06-91/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver. 80-06-96-00/00, SVP Ver. 80-06-91/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Information exposure vulnerability in Hitachi Storage Navigator.\u003cp\u003eThis issue affects Hitachi Virtual Storage Platform 5100, 5200, 5500, 5600, 5100H, 5200H, 5500H, 5600H, VX8: before DKCMAIN Ver. 90-09-24-00/00, SVP Ver. 90-09-24/00, before DKCMAIN Ver. 90-08-86-00/00, SVP Ver. 90-08-86/00; Hitachi Virtual Storage Platform G1000, G1500, F1500, VX7: before DKCMAIN Ver. 80-06-96-00/00, SVP Ver. 80-06-91/00.\u003c/p\u003e"
                }
              ],
              "value": "Information exposure vulnerability in Hitachi Storage Navigator.\n\nThis issue affects Hitachi Virtual Storage Platform 5100, 5200, 5500, 5600, 5100H, 5200H, 5500H, 5600H, VX8: before DKCMAIN Ver. 90-09-24-00/00, SVP Ver. 90-09-24/00, before DKCMAIN Ver. 90-08-86-00/00, SVP Ver. 90-08-86/00; Hitachi Virtual Storage Platform G1000, G1500, F1500, VX7: before DKCMAIN Ver. 80-06-96-00/00, SVP Ver. 80-06-91/00."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-114",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-114 Authentication Abuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "CWE-522 Insufficiently Protected Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-29T05:22:37.701Z",
            "orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
            "shortName": "Hitachi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_301.html"
            }
          ],
          "source": {
            "advisory": "hitachi-sec-2026-301",
            "discovery": "UNKNOWN"
          },
          "title": "Information exposure vulnerability in Hitachi Storage Navigator",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
        "assignerShortName": "Hitachi",
        "cveId": "CVE-2025-7386",
        "datePublished": "2026-06-29T05:22:37.701Z",
        "dateReserved": "2025-07-09T10:16:02.704Z",
        "dateUpdated": "2026-06-29T12:36:33.277Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-7737 (GCVE-0-2025-7737)

    Vulnerability from cvelistv5 – Published: 2026-06-19 05:13 – Updated: 2026-06-22 15:04
    VLAI
    Title
    DoS Vulnerability in 10G iSCSI Interface of Hitachi Virtual Storage Platform
    Summary
    DoS Vulnerability in 10G iSCSI Interface of Hitachi Virtual Storage Platform. This issue affects Hitachi Virtual Storage Platform E990, E1090, E1090H: before DKCMAIN Ver.93-07-21-80/00-05, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-01-80/00-07, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-82-80/00-06, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-63-80/00-04, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform E390, E590, E790, E390H, E590H, E790H: before DKCMAIN Ver.93-07-21-x0/00-05, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-01-x0/00-07, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-82-x0/00-06, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-63-x0/00-04, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-24-x0/00-02, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-02-x0/00-02, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900: before DKCMAIN Ver.88-08-10-x0/00-05, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform G100, G200, G400, G600, G800, F400, F600, F800: before DKCMAIN Ver.83-06-20-x0/00-05, CHB(iSCSI) Ver.83-01-01-29; Hitachi Virtual Storage Platform VX8, 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H: before DKCMAIN Ver.90-09-01-00/01-01, CHB(iSCSI) Ver.90-01-01-07, before DKCMAIN Ver.90-08-83-00/01-01, CHB(iSCSI) Ver.90-01-01-07, before DKCMAIN Ver.90-08-63-00/01-01, CHB(iSCSI) Ver.90-01-01-07; Hitachi Virtual Storage Platform VX7, G1000, G1500, F1500: before DKCMAIN Ver.80-06-93-00/00-04, ISFC Ver.80-01-17.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of resources without limits or throttling
    Assigner
    References
    Impacted products
    Vendor Product Version
    Hitachi Hitachi Virtual Storage Platform E990, E1090, E1090H Affected: 0 , < DKCMAIN Ver.93-07-21-80/00-05, CHB(iSCSI) Ver.88-01-02-04 (custom)
    Affected: 0 , < DKCMAIN Ver.93-07-01-80/00-07, CHB(iSCSI) Ver.88-01-02-04 (custom)
    Affected: 0 , < DKCMAIN Ver.93-06-82-80/00-06, CHB(iSCSI) Ver.88-01-02-04 (custom)
    Affected: 0 , < DKCMAIN Ver.93-06-63-80/00-04, CHB(iSCSI) Ver.88-01-02-04 (custom)
    Create a notification for this product.
    Hitachi Hitachi Virtual Storage Platform E390, E590, E790, E390H, E590H, E790H Affected: 0 , < DKCMAIN Ver.93-07-21-x0/00-05, CHB(iSCSI) Ver.88-01-02-04 (custom)
    Affected: 0 , < DKCMAIN Ver.93-07-01-x0/00-07, CHB(iSCSI) Ver.88-01-02-04 (custom)
    Affected: 0 , < DKCMAIN Ver.93-06-82-x0/00-06, CHB(iSCSI) Ver.88-01-02-04 (custom)
    Affected: 0 , < DKCMAIN Ver.93-06-63-x0/00-04, CHB(iSCSI) Ver.88-01-02-04 (custom)
    Affected: 0 , < DKCMAIN Ver.93-07-24-x0/00-02, CHB(iSCSI) Ver.88-01-02-04 (custom)
    Affected: 0 , < DKCMAIN Ver.93-07-02-x0/00-02, CHB(iSCSI) Ver.88-01-02-04 (customDKCMAIN Ver.93-07-02-x0/00-02, CHB(iSCSI) Ver.88-01-02-04)
    Create a notification for this product.
    Hitachi Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900 Affected: 0 , < DKCMAIN Ver.88-08-10-x0/00-05, CHB(iSCSI) Ver.88-01-02-04 (custom)
    Create a notification for this product.
    Hitachi Hitachi Virtual Storage Platform G100, G200, G400, G600, G800, F400, F600, F800 Affected: 0 , < DKCMAIN Ver.83-06-20-x0/00-05, CHB(iSCSI) Ver.83-01-01-29 (custom)
    Create a notification for this product.
    Hitachi Hitachi Virtual Storage Platform VX8, 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H Affected: 0 , < DKCMAIN Ver.90-09-01-00/01-01, CHB(iSCSI) Ver.90-01-01-07 (custom)
    Affected: 0 , < DKCMAIN Ver.90-08-83-00/01-01, CHB(iSCSI) Ver.90-01-01-07 (custom)
    Affected: 0 , < DKCMAIN Ver.90-08-63-00/01-01, CHB(iSCSI) Ver.90-01-01-07 (custom)
    Create a notification for this product.
    Hitachi Hitachi Virtual Storage Platform VX7, G1000, G1500, F1500 Affected: 0 , < DKCMAIN Ver.80-06-93-00/00-04, ISFC Ver.80-01-17 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-7737",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T15:04:02.928880Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T15:04:12.624Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Hitachi Virtual Storage Platform E990, E1090, E1090H",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver.93-07-21-80/00-05, CHB(iSCSI) Ver.88-01-02-04",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver.93-07-21-80/00-05, CHB(iSCSI) Ver.88-01-02-04",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver.93-07-01-80/00-07, CHB(iSCSI) Ver.88-01-02-04",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver.93-07-01-80/00-07, CHB(iSCSI) Ver.88-01-02-04",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver.93-06-82-80/00-06, CHB(iSCSI) Ver.88-01-02-04",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver.93-06-82-80/00-06, CHB(iSCSI) Ver.88-01-02-04",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver.93-06-63-80/00-04, CHB(iSCSI) Ver.88-01-02-04",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver.93-06-63-80/00-04, CHB(iSCSI) Ver.88-01-02-04",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hitachi Virtual Storage Platform E390, E590, E790, E390H, E590H, E790H",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver.93-07-21-x0/00-05, CHB(iSCSI) Ver.88-01-02-04",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver.93-07-21-x0/00-05, CHB(iSCSI) Ver.88-01-02-04",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver.93-07-01-x0/00-07, CHB(iSCSI) Ver.88-01-02-04",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver.93-07-01-x0/00-07, CHB(iSCSI) Ver.88-01-02-04",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver.93-06-82-x0/00-06, CHB(iSCSI) Ver.88-01-02-04",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver.93-06-82-x0/00-06, CHB(iSCSI) Ver.88-01-02-04",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver.93-06-63-x0/00-04, CHB(iSCSI) Ver.88-01-02-04",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver.93-06-63-x0/00-04, CHB(iSCSI) Ver.88-01-02-04",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver.93-07-24-x0/00-02, CHB(iSCSI) Ver.88-01-02-04",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver.93-07-24-x0/00-02, CHB(iSCSI) Ver.88-01-02-04",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver.93-07-02-x0/00-02, CHB(iSCSI) Ver.88-01-02-04",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver.93-07-02-x0/00-02, CHB(iSCSI) Ver.88-01-02-04",
                  "status": "affected",
                  "version": "0",
                  "versionType": "customDKCMAIN Ver.93-07-02-x0/00-02, CHB(iSCSI) Ver.88-01-02-04"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver.88-08-10-x0/00-05, CHB(iSCSI) Ver.88-01-02-04",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver.88-08-10-x0/00-05, CHB(iSCSI) Ver.88-01-02-04",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hitachi Virtual Storage Platform G100, G200, G400, G600, G800, F400, F600, F800",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver.83-06-20-x0/00-05, CHB(iSCSI) Ver.83-01-01-29",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver.83-06-20-x0/00-05, CHB(iSCSI) Ver.83-01-01-29",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hitachi Virtual Storage Platform VX8, 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver.90-09-01-00/01-01, CHB(iSCSI) Ver.90-01-01-07",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver.90-09-01-00/01-01, CHB(iSCSI) Ver.90-01-01-07",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver.90-08-83-00/01-01, CHB(iSCSI) Ver.90-01-01-07",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver.90-08-83-00/01-01, CHB(iSCSI) Ver.90-01-01-07",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver.90-08-63-00/01-01, CHB(iSCSI) Ver.90-01-01-07",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver.90-08-63-00/01-01, CHB(iSCSI) Ver.90-01-01-07",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hitachi Virtual Storage Platform VX7, G1000, G1500, F1500",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver.80-06-93-00/00-04, ISFC Ver.80-01-17",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver.80-06-93-00/00-04, ISFC Ver.80-01-17",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003eDoS Vulnerability in 10G iSCSI Interface of Hitachi Virtual Storage Platform.\u003c/div\u003e\u003cp\u003eThis issue affects Hitachi Virtual Storage Platform E990, E1090, E1090H: before DKCMAIN Ver.93-07-21-80/00-05, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-01-80/00-07, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-82-80/00-06, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-63-80/00-04, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform E390, E590, E790, E390H, E590H, E790H: before DKCMAIN Ver.93-07-21-x0/00-05, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-01-x0/00-07, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-82-x0/00-06, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-63-x0/00-04, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-24-x0/00-02, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-02-x0/00-02, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900: before DKCMAIN Ver.88-08-10-x0/00-05, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform G100, G200, G400, G600, G800, F400, F600, F800: before DKCMAIN Ver.83-06-20-x0/00-05, CHB(iSCSI) Ver.83-01-01-29; Hitachi Virtual Storage Platform VX8, 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H: before DKCMAIN Ver.90-09-01-00/01-01, CHB(iSCSI) Ver.90-01-01-07, before DKCMAIN Ver.90-08-83-00/01-01, CHB(iSCSI) Ver.90-01-01-07, before DKCMAIN Ver.90-08-63-00/01-01, CHB(iSCSI) Ver.90-01-01-07; Hitachi Virtual Storage Platform VX7, G1000, G1500, F1500: before DKCMAIN Ver.80-06-93-00/00-04, ISFC Ver.80-01-17.\u003c/p\u003e"
                }
              ],
              "value": "DoS Vulnerability in 10G iSCSI Interface of Hitachi Virtual Storage Platform.\n\n\n\nThis issue affects Hitachi Virtual Storage Platform E990, E1090, E1090H: before DKCMAIN Ver.93-07-21-80/00-05, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-01-80/00-07, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-82-80/00-06, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-63-80/00-04, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform E390, E590, E790, E390H, E590H, E790H: before DKCMAIN Ver.93-07-21-x0/00-05, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-01-x0/00-07, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-82-x0/00-06, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-63-x0/00-04, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-24-x0/00-02, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-02-x0/00-02, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900: before DKCMAIN Ver.88-08-10-x0/00-05, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform G100, G200, G400, G600, G800, F400, F600, F800: before DKCMAIN Ver.83-06-20-x0/00-05, CHB(iSCSI) Ver.83-01-01-29; Hitachi Virtual Storage Platform VX8, 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H: before DKCMAIN Ver.90-09-01-00/01-01, CHB(iSCSI) Ver.90-01-01-07, before DKCMAIN Ver.90-08-83-00/01-01, CHB(iSCSI) Ver.90-01-01-07, before DKCMAIN Ver.90-08-63-00/01-01, CHB(iSCSI) Ver.90-01-01-07; Hitachi Virtual Storage Platform VX7, G1000, G1500, F1500: before DKCMAIN Ver.80-06-93-00/00-04, ISFC Ver.80-01-17."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-482",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-482 TCP Flood"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770 Allocation of resources without limits or throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T05:13:38.611Z",
            "orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
            "shortName": "Hitachi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_312.html"
            }
          ],
          "source": {
            "advisory": "hitachi-sec-2026-312",
            "discovery": "UNKNOWN"
          },
          "title": "DoS Vulnerability in 10G iSCSI Interface of Hitachi Virtual Storage Platform",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
        "assignerShortName": "Hitachi",
        "cveId": "CVE-2025-7737",
        "datePublished": "2026-06-19T05:13:38.611Z",
        "dateReserved": "2025-07-17T05:09:06.792Z",
        "dateUpdated": "2026-06-22T15:04:12.624Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2253 (GCVE-0-2026-2253)

    Vulnerability from cvelistv5 – Published: 2026-05-27 02:54 – Updated: 2026-05-27 18:00
    VLAI
    Title
    Hitachi Vantara Pentaho Data Integration & Analytics - Improper Restriction of XML External Entity Reference
    Summary
    Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, does not prevent certain XML parsers from resolving external entities.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-611 - Improper restriction of XML external entity reference
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Vantara Pentaho Data Integration and Analytics Affected: 1.0 , < 10.2.0.7 (maven)
    Affected: 10.0 , < 11.0.0 (maven)
    Create a notification for this product.
    Credits
    Hitachi Group Member
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2253",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T18:00:51.429151Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T18:00:59.490Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Pentaho Data Integration and Analytics",
              "vendor": "Hitachi Vantara",
              "versions": [
                {
                  "lessThan": "10.2.0.7",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "maven"
                },
                {
                  "lessThan": "11.0.0",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "maven"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Hitachi Group Member"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Hitachi Vantara Pentaho Data Integration \u0026amp; Analytics versions before 10.2.0.7 and 11.0.0.0, including\u0026nbsp;9.3.x and 8.3.x, does not prevent certain XML parsers from resolving external entities.\u0026nbsp;\u003cbr\u003e"
                }
              ],
              "value": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics versions before 10.2.0.7 and 11.0.0.0, including\u00a09.3.x and 8.3.x, does not prevent certain XML parsers from resolving external entities."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-201",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-201 Serialized Data External Linking"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-611",
                  "description": "CWE-611 Improper restriction of XML external entity reference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T02:54:25.857Z",
            "orgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
            "shortName": "HITVAN"
          },
          "references": [
            {
              "url": "https://support.pentaho.com/hc/en-us/articles/45677548193933--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Improper-Restriction-of-XML-External-Entity-Reference-Versions-before-10-2-0-7-and-11-0-0-0-Impacted-CVE-2026-2253"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics - Improper Restriction of XML External Entity  Reference",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
        "assignerShortName": "HITVAN",
        "cveId": "CVE-2026-2253",
        "datePublished": "2026-05-27T02:54:25.857Z",
        "dateReserved": "2026-02-09T15:09:06.755Z",
        "dateUpdated": "2026-05-27T18:00:59.490Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2255 (GCVE-0-2026-2255)

    Vulnerability from cvelistv5 – Published: 2026-05-27 02:51 – Updated: 2026-05-27 18:00
    VLAI
    Title
    Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials
    Summary
    Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Although the user should not see those explicitly, the defect is mitigated by the fact the user can already leverage those credentials to submit jobs under the same account through the backend API.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-522 - Insufficiently Protected Credentials
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Vantara Pentaho Data Integration and Analytics Affected: 1.0 , < 10.2.0.6 (maven)
    Affected: 10.0 , < 11.0.0 (maven)
    Create a notification for this product.
    Credits
    Hitachi Group Member
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2255",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T18:00:31.690560Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T18:00:39.061Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Pentaho Data Integration and Analytics",
              "vendor": "Hitachi Vantara",
              "versions": [
                {
                  "lessThan": "10.2.0.6",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "maven"
                },
                {
                  "lessThan": "11.0.0",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "maven"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Hitachi Group Member"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Hitachi Vantara Pentaho Data Integration \u0026amp; Analytics versions before 10.2.0.6 and 11.0.0.0, including\u0026nbsp;9.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Although\u0026nbsp;the user should not see those explicitly, the defect is mitigated by the fact the user can already\u0026nbsp;leverage those credentials to submit jobs under the same account through the backend API.\u0026nbsp;\u003cbr\u003e"
                }
              ],
              "value": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics versions before 10.2.0.6 and 11.0.0.0, including\u00a09.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Although\u00a0the user should not see those explicitly, the defect is mitigated by the fact the user can already\u00a0leverage those credentials to submit jobs under the same account through the backend API."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-102",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-102 Session Sidejacking"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "CWE-522: Insufficiently Protected Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T02:57:46.206Z",
            "orgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
            "shortName": "HITVAN"
          },
          "references": [
            {
              "url": "https://support.pentaho.com/hc/en-us/articles/45672235545101--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Insufficiently-Protected-Credentials-Versions-before-10-2-0-6-and-11-0-0-0-Impacted-CVE-2026-2255"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics - Insufficiently Protected Credentials",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
        "assignerShortName": "HITVAN",
        "cveId": "CVE-2026-2255",
        "datePublished": "2026-05-27T02:51:31.793Z",
        "dateReserved": "2026-02-09T15:09:09.473Z",
        "dateUpdated": "2026-05-27T18:00:39.061Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2254 (GCVE-0-2026-2254)

    Vulnerability from cvelistv5 – Published: 2026-05-27 02:46 – Updated: 2026-05-27 18:00
    VLAI
    Title
    Hitachi Vantara Pentaho Data Integration & Analytics - Incorrect Permission Assignment for Critical Resource
    Summary
    Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notfications.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Vantara Pentaho Data Integration and Analytics Affected: 1.0 , < 10.2.0.6 (maven)
    Affected: 10.0 , < 11.0.0.0 (maven)
    Create a notification for this product.
    Credits
    Hitachi Group Member
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2254",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T17:59:55.849274Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T18:00:14.572Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Pentaho Data Integration and Analytics",
              "vendor": "Hitachi Vantara",
              "versions": [
                {
                  "lessThan": "10.2.0.6",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "maven"
                },
                {
                  "lessThan": "11.0.0.0",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "maven"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Hitachi Group Member"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Hitachi Vantara Pentaho Data Integration \u0026amp; Analytics versions before 10.2.0.6 and 11.0.0.0, including\u0026nbsp;9.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notfications.\u0026nbsp;\u003cbr\u003e"
                }
              ],
              "value": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics versions before 10.2.0.6 and 11.0.0.0, including\u00a09.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notfications."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T02:46:36.132Z",
            "orgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
            "shortName": "HITVAN"
          },
          "references": [
            {
              "url": "https://support.pentaho.com/hc/en-us/articles/45676384909069--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Incorrect-Permission-Assignment-for-Critical-Resource-Versions-before-10-2-0-6-and-11-0-0-0-Impacted-CVE-2026-2254?brand_id=1928686"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics - Incorrect Permission Assignment for Critical  Resource",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
        "assignerShortName": "HITVAN",
        "cveId": "CVE-2026-2254",
        "datePublished": "2026-05-27T02:46:36.132Z",
        "dateReserved": "2026-02-09T15:09:08.406Z",
        "dateUpdated": "2026-05-27T18:00:14.572Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3314 (GCVE-0-2026-3314)

    Vulnerability from cvelistv5 – Published: 2026-05-26 05:57 – Updated: 2026-05-26 12:22
    VLAI
    Title
    Missing Password Masking in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer and Hitachi Ops Center Analyzer viewpoint
    Summary
    Missing password field masking vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe modules), Hitachi Ops Center Analyzer viewpoint, Hitachi Infrastructure Analytics Advisor (Data Center Analytics, Analytics probe modules). This issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.8-00; Hitachi Ops Center Analyzer viewpoint: from 10.8.1-00 before 11.0.8-00; Hitachi Infrastructure Analytics Advisor: from 3.2.0-00 before 11.0.8-00.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-549 - Missing password field masking
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3314",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T12:21:39.028766Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T12:22:47.157Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Hitachi Ops Center Analyzer detail view",
                "Hitachi Ops Center Analyzer probe"
              ],
              "platforms": [
                "Linux",
                "64 bit"
              ],
              "product": "Hitachi Ops Center Analyzer",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "11.0.8-00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.0.8-00",
                  "status": "affected",
                  "version": "10.0.0-00",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux",
                "64 bit"
              ],
              "product": "Hitachi Ops Center Analyzer viewpoint",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "11.0.8-00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "11.0.8-00",
                  "status": "affected",
                  "version": "10.8.1-00",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Data Center Analytics",
                "Analytics probe"
              ],
              "platforms": [
                "Linux",
                "64 bit"
              ],
              "product": "Hitachi Infrastructure Analytics Advisor",
              "vendor": "Hitachi",
              "versions": [
                {
                  "lessThan": "11.0.8-00",
                  "status": "affected",
                  "version": "3.2.0-00",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing password field masking vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe modules), Hitachi Ops Center Analyzer viewpoint, Hitachi Infrastructure Analytics Advisor (Data Center Analytics, Analytics probe modules).\u003cp\u003eThis issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.8-00; Hitachi Ops Center Analyzer viewpoint: from 10.8.1-00 before 11.0.8-00; Hitachi Infrastructure Analytics Advisor: from 3.2.0-00 before 11.0.8-00.\u003c/p\u003e"
                }
              ],
              "value": "Missing password field masking vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe modules), Hitachi Ops Center Analyzer viewpoint, Hitachi Infrastructure Analytics Advisor (Data Center Analytics, Analytics probe modules).\n\nThis issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.8-00; Hitachi Ops Center Analyzer viewpoint: from 10.8.1-00 before 11.0.8-00; Hitachi Infrastructure Analytics Advisor: from 3.2.0-00 before 11.0.8-00."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-555",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-555 Remote Services with Stolen Credentials"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-549",
                  "description": "CWE-549 Missing password field masking",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-26T05:57:09.752Z",
            "orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
            "shortName": "Hitachi"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2026-120/index.html"
            }
          ],
          "source": {
            "advisory": "hitachi-sec-2026-120",
            "discovery": "UNKNOWN"
          },
          "title": "Missing Password Masking in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer and Hitachi Ops Center Analyzer viewpoint",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
        "assignerShortName": "Hitachi",
        "cveId": "CVE-2026-3314",
        "datePublished": "2026-05-26T05:57:09.752Z",
        "dateReserved": "2026-02-27T06:34:14.106Z",
        "dateUpdated": "2026-05-26T12:22:47.157Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-11159 (GCVE-0-2025-11159)

    Vulnerability from cvelistv5 – Published: 2026-05-13 05:36 – Updated: 2026-05-13 14:44
    VLAI
    Title
    Hitachi Vantara Pentaho Data Integration & Analytics - Dependency on Vulnerable Third-Party Component
    Summary
    Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data source administrator.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1395 - Dependency on Vulnerable Third-Party Component
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Vantara Pentaho Data Integration and Analytics Affected: 1.0 , < 10.2.0.7 (maven)
    Affected: 1.0 , < 11.0 (maven)
    Create a notification for this product.
    Credits
    Nir Zadok (nirza) and Moshe Siman Tov Bustan from OX Security
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11159",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T14:44:30.743315Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T14:44:36.235Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Pentaho Data Integration and Analytics",
              "vendor": "Hitachi Vantara",
              "versions": [
                {
                  "lessThan": "10.2.0.7",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "maven"
                },
                {
                  "lessThan": "11.0",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "maven"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Nir Zadok (nirza) and Moshe Siman Tov Bustan  from OX Security"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Hitachi Vantara Pentaho Data Integration \u0026amp; Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a\u0026nbsp;data source administrator."
                }
              ],
              "value": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a\u00a0data source administrator."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-310",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-310 Scanning for Vulnerable Software"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1395",
                  "description": "CWE-1395: Dependency on Vulnerable Third-Party Component",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-13T05:36:43.720Z",
            "orgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
            "shortName": "HITVAN"
          },
          "references": [
            {
              "url": "https://support.pentaho.com/hc/en-us/articles/39954640408077--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Dependency-on-Vulnerable-Third-Party-Component-Versions-before-10-2-0-7-and-11-0-0-0-Impacted-CVE-2025-11159"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics - Dependency on Vulnerable Third-Party  Component",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
        "assignerShortName": "HITVAN",
        "cveId": "CVE-2025-11159",
        "datePublished": "2026-05-13T05:36:43.720Z",
        "dateReserved": "2025-09-29T14:53:44.917Z",
        "dateUpdated": "2026-05-13T14:44:36.235Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-1978 (GCVE-0-2025-1978)

    Vulnerability from cvelistv5 – Published: 2026-05-07 08:05 – Updated: 2026-05-07 13:40
    VLAI
    Title
    Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console
    Summary
    Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28. This issue affects Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28  : before DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00, before DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00, before DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00, before DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00, before DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900 Affected: 0 , < DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00 (custom)
    Affected: 0 , < DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00 (custom)
    Affected: 0 , < DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00 (custom)
    Affected: 0 , < DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00 (custom)
    Affected: 0 , < DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00 (custom)
    Create a notification for this product.
    Hitachi Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H Affected: 0 , < DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00 (custom)
    Affected: 0 , < DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00 (custom)
    Affected: 0 , < DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00 (custom)
    Affected: 0 , < DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00 (custom)
    Affected: 0 , < DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00 (custom)
    Create a notification for this product.
    Hitachi Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28 Affected: 0 , < DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00 (custom)
    Affected: 0 , < DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00 (custom)
    Affected: 0 , < DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00 (custom)
    Affected: 0 , < DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00 (custom)
    Affected: 0 , < DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00 (custom)
    Create a notification for this product.
    Credits
    Thomas Josef Riedmaier, Siemens Energy.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-1978",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-07T13:39:55.440215Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-07T13:40:00.385Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Thomas Josef Riedmaier, Siemens Energy."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28.\u003cp\u003eThis issue affects Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900,\u0026nbsp;Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28\u0026nbsp; : before DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00, before DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00, before DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00, before DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00, before DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00\u003cspan\u003e.\u003c/span\u003e\u003c/p\u003e"
                }
              ],
              "value": "Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28.\n\nThis issue affects Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900,\u00a0Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28\u00a0 : before DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00, before DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00, before DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00, before DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00, before DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242 Code Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-07T08:05:42.743Z",
            "orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
            "shortName": "Hitachi"
          },
          "references": [
            {
              "url": "https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_307.html"
            }
          ],
          "source": {
            "advisory": "hitachi-sec-2026-307",
            "discovery": "EXTERNAL"
          },
          "title": "Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
        "assignerShortName": "Hitachi",
        "cveId": "CVE-2025-1978",
        "datePublished": "2026-05-07T08:05:42.743Z",
        "dateReserved": "2025-03-05T03:18:02.426Z",
        "dateUpdated": "2026-05-07T13:40:00.385Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-2514 (GCVE-0-2025-2514)

    Vulnerability from cvelistv5 – Published: 2026-05-07 07:30 – Updated: 2026-05-07 13:41
    VLAI
    Title
    Improper Restriction of Excessive Authentication Attempts vulnerability in Hitachi Virtual Storage Platform
    Summary
    Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28. This issue affects Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28  : before DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00, before DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00, before DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00, before DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00, before DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-307 - Improper restriction of excessive authentication attempts
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900 Affected: 0 , < DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00 (custom)
    Affected: 0 , < DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00 (custom)
    Affected: 0 , < DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00 (custom)
    Affected: 0 , < DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00 (custom)
    Affected: 0 , < DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00 (custom)
    Create a notification for this product.
    Hitachi Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H Affected: 0 , < DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00 (custom)
    Affected: 0 , < DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00 (custom)
    Affected: 0 , < DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00 (custom)
    Affected: 0 , < DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00 (custom)
    Affected: 0 , < DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00 (custom)
    Create a notification for this product.
    Hitachi Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28 Affected: 0 , < DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00 (custom)
    Affected: 0 , < DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00 (custom)
    Affected: 0 , < DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00 (custom)
    Affected: 0 , < DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00 (custom)
    Affected: 0 , < DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2514",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-07T13:41:07.277696Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-07T13:41:12.214Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28.\u003cp\u003eThis issue affects Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900,\u0026nbsp;Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28\u0026nbsp; : before DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00, before DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00, before DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00, before DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00, before DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00.\u003c/p\u003e"
                }
              ],
              "value": "Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28.\n\nThis issue affects Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900,\u00a0Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28\u00a0 : before DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00, before DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00, before DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00, before DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00, before DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-49",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-49 Password Brute Forcing"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-307",
                  "description": "CWE-307 Improper restriction of excessive authentication attempts",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-07T07:30:28.144Z",
            "orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
            "shortName": "Hitachi"
          },
          "references": [
            {
              "url": "https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_306.html"
            }
          ],
          "source": {
            "advisory": "hitachi-sec-2026-306",
            "discovery": "UNKNOWN"
          },
          "title": "Improper Restriction of Excessive Authentication Attempts vulnerability in Hitachi Virtual Storage Platform",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
        "assignerShortName": "Hitachi",
        "cveId": "CVE-2025-2514",
        "datePublished": "2026-05-07T07:30:28.144Z",
        "dateReserved": "2025-03-19T01:13:12.468Z",
        "dateUpdated": "2026-05-07T13:41:12.214Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-9661 (GCVE-0-2025-9661)

    Vulnerability from cvelistv5 – Published: 2026-05-07 07:08 – Updated: 2026-05-07 13:02
    VLAI
    Title
    OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23/24/26/28
    Summary
    OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28. This issue affects Hitachi Virtual Storage Platform One Block 23/24/26/28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper neutralization of special elements used in an OS command ('OS command injection')
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi Hitachi Virtual Storage Platform One Block 23 Affected: 0 , < DKCMAIN A3-04-21-40/00, ESM A3-04-21/00 (custom)
    Create a notification for this product.
    Hitachi Hitachi Virtual Storage Platform One Block 24 Affected: 0 , < DKCMAIN A3-04-21-40/00, ESM A3-04-21/00 (custom)
    Create a notification for this product.
    Hitachi Hitachi Virtual Storage Platform One Block 26 Affected: 0 , < DKCMAIN A3-04-21-40/00, ESM A3-04-21/00 (custom)
    Create a notification for this product.
    Hitachi Hitachi Virtual Storage Platform One Block 28 Affected: 0 , < DKCMAIN A3-04-21-40/00, ESM A3-04-21/00 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9661",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-07T13:02:14.993613Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-07T13:02:35.204Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Hitachi Virtual Storage Platform One Block 23",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hitachi Virtual Storage Platform One Block 24",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hitachi Virtual Storage Platform One Block 26",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Hitachi Virtual Storage Platform One Block 28",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003eOS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28.\u003c/div\u003e\u003cdiv\u003e\u003cspan\u003eThis issue affects Hitachi Virtual Storage Platform One Block 23/24/26/28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00.\u003c/span\u003e\u003c/div\u003e"
                }
              ],
              "value": "OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28.\n\nThis issue affects Hitachi Virtual Storage Platform One Block 23/24/26/28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper neutralization of special elements used in an OS command (\u0027OS command injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-07T07:08:14.823Z",
            "orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
            "shortName": "Hitachi"
          },
          "references": [
            {
              "url": "https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_309.html"
            }
          ],
          "source": {
            "advisory": "hitachi-sec-2026-309",
            "discovery": "UNKNOWN"
          },
          "title": "OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23/24/26/28",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
        "assignerShortName": "Hitachi",
        "cveId": "CVE-2025-9661",
        "datePublished": "2026-05-07T07:08:14.823Z",
        "dateReserved": "2025-08-29T07:14:42.691Z",
        "dateUpdated": "2026-05-07T13:02:35.204Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-65116 (GCVE-0-2025-65116)

    Vulnerability from cvelistv5 – Published: 2026-04-07 05:43 – Updated: 2026-04-07 13:25
    VLAI
    Title
    Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 and JP1/NETM/DM
    Summary
    Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows.This issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-763 - Release of invalid pointer or reference
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi JP1/IT Desktop Management 2 - Manager Affected: 13-50 , < 13-50-02 (custom)
    Affected: 13-11 , < 13-11-04 (custom)
    Affected: 13-10 , < 13-10-07 (custom)
    Affected: 13-01 , < 13-01-07 (custom)
    Affected: 13-00 , < 13-00-05 (custom)
    Affected: 12-60 , < 12-60-12 (custom)
    Affected: 10-50 , ≤ 12-50-11 (custom)
    Create a notification for this product.
    Hitachi JP1/IT Desktop Management 2 - Operations Director Affected: 13-50 , < 13-50-02 (custom)
    Affected: 13-11 , < 13-11-04 (custom)
    Affected: 13-10 , < 13-10-07 (custom)
    Affected: 13-01 , < 13-01-07 (custom)
    Affected: 13-00 , < 13-00-05 (custom)
    Affected: 12-60 , < 12-60-12 (custom)
    Affected: 10-50 , ≤ 12-50-11 (custom)
    Create a notification for this product.
    Hitachi Job Management Partner 1/IT Desktop Management 2 - Manager Affected: 10-50 , ≤ 10-50-11 (custom)
    Create a notification for this product.
    Hitachi JP1/IT Desktop Management - Manager Affected: 09-50 , ≤ 10-10-16 (custom)
    Create a notification for this product.
    Hitachi Job Management Partner 1/IT Desktop Management - Manager Affected: 09-50 , ≤ 10-10-16 (custom)
    Create a notification for this product.
    Hitachi JP1/NETM/DM Manager Affected: 09-00 , ≤ 10-20-02 (custom)
    Create a notification for this product.
    Hitachi JP1/NETM/DM Client Affected: 09-00 , ≤ 10-20-02 (custom)
    Create a notification for this product.
    Hitachi Job Management Partner 1/Software Distribution Manager Affected: 09-00 , ≤ 09-51-13 (custom)
    Create a notification for this product.
    Hitachi Job Management Partner 1/Software Distribution Client Affected: 09-00 , ≤ 09-51-13 (custom)
    Create a notification for this product.
    Credits
    Ruslan Sayfiev Denis Faiustov
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-65116",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-07T13:25:49.919013Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-07T13:25:56.036Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "JP1/IT Desktop Management 2 - Manager",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "13-50-02",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "13-50-02",
                  "status": "affected",
                  "version": "13-50",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "13-11-04",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "13-11-04",
                  "status": "affected",
                  "version": "13-11",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "13-10-07",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "13-10-07",
                  "status": "affected",
                  "version": "13-10",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "13-01-07",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "13-01-07",
                  "status": "affected",
                  "version": "13-01",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "13-00-05",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "13-00-05",
                  "status": "affected",
                  "version": "13-00",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "12-60-12",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "12-60-12",
                  "status": "affected",
                  "version": "12-60",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "12-50-11",
                  "status": "affected",
                  "version": "10-50",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "JP1/IT Desktop Management 2 - Operations Director",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "13-50-02",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "13-50-02",
                  "status": "affected",
                  "version": "13-50",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "13-11-04",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "13-11-04",
                  "status": "affected",
                  "version": "13-11",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "13-10-07",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "13-10-07",
                  "status": "affected",
                  "version": "13-10",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "13-01-07",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "13-01-07",
                  "status": "affected",
                  "version": "13-01",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "13-00-05",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "13-00-05",
                  "status": "affected",
                  "version": "13-00",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "12-60-12",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "12-60-12",
                  "status": "affected",
                  "version": "12-60",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "12-50-11",
                  "status": "affected",
                  "version": "10-50",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Job Management Partner 1/IT Desktop Management 2 - Manager",
              "vendor": "Hitachi",
              "versions": [
                {
                  "lessThanOrEqual": "10-50-11",
                  "status": "affected",
                  "version": "10-50",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "JP1/IT Desktop Management - Manager",
              "vendor": "Hitachi",
              "versions": [
                {
                  "lessThanOrEqual": "10-10-16",
                  "status": "affected",
                  "version": "09-50",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Job Management Partner 1/IT Desktop Management - Manager",
              "vendor": "Hitachi",
              "versions": [
                {
                  "lessThanOrEqual": "10-10-16",
                  "status": "affected",
                  "version": "09-50",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "JP1/NETM/DM Manager",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "10-30",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "10-20-02",
                  "status": "affected",
                  "version": "09-00",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "JP1/NETM/DM Client",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "10-30",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "10-20-02",
                  "status": "affected",
                  "version": "09-00",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Job Management Partner 1/Software Distribution Manager",
              "vendor": "Hitachi",
              "versions": [
                {
                  "lessThanOrEqual": "09-51-13",
                  "status": "affected",
                  "version": "09-00",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Job Management Partner 1/Software Distribution Client",
              "vendor": "Hitachi",
              "versions": [
                {
                  "lessThanOrEqual": "09-51-13",
                  "status": "affected",
                  "version": "09-00",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Ruslan Sayfiev"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Denis Faiustov"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows.\u003cp\u003eThis issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13.\u003c/p\u003e"
                }
              ],
              "value": "Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows.This issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-763",
                  "description": "CWE-763 Release of invalid pointer or reference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-07T05:43:25.553Z",
            "orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
            "shortName": "Hitachi"
          },
          "references": [
            {
              "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2026-118/index.html"
            }
          ],
          "source": {
            "advisory": "hitachi-sec-2026-118",
            "discovery": "EXTERNAL"
          },
          "title": "Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 and JP1/NETM/DM",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
        "assignerShortName": "Hitachi",
        "cveId": "CVE-2025-65116",
        "datePublished": "2026-04-07T05:43:25.553Z",
        "dateReserved": "2025-11-18T01:27:41.899Z",
        "dateUpdated": "2026-04-07T13:25:56.036Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-65115 (GCVE-0-2025-65115)

    Vulnerability from cvelistv5 – Published: 2026-04-07 05:19 – Updated: 2026-04-07 13:26
    VLAI
    Title
    Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 and JP1/NETM/DM
    Summary
    Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows.This issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - External control of file name or path
    Assigner
    Impacted products
    Vendor Product Version
    Hitachi JP1/IT Desktop Management 2 - Manager Affected: 13-50 , < 13-50-02 (custom)
    Affected: 13-11 , < 13-11-04 (custom)
    Affected: 13-10 , < 13-10-07 (custom)
    Affected: 13-01 , < 13-01-07 (custom)
    Affected: 13-00 , < 13-00-05 (custom)
    Affected: 12-60 , < 12-60-12 (custom)
    Affected: 10-50 , ≤ 12-50-11 (custom)
    Create a notification for this product.
    Hitachi JP1/IT Desktop Management 2 - Operations Director Affected: 13-50 , < 13-50-02 (custom)
    Affected: 13-11 , < 13-11-04 (custom)
    Affected: 13-10 , < 13-10-07 (custom)
    Affected: 13-01 , < 13-01-07 (custom)
    Affected: 13-00 , < 13-00-05 (custom)
    Affected: 12-60 , < 12-60-12 (custom)
    Affected: 10-50 , ≤ 12-50-11 (custom)
    Create a notification for this product.
    Hitachi Job Management Partner 1/IT Desktop Management 2 - Manager Affected: 10-50 , ≤ 10-50-11 (custom)
    Create a notification for this product.
    Hitachi JP1/IT Desktop Management - Manager Affected: 09-50 , ≤ 10-10-16 (custom)
    Create a notification for this product.
    Hitachi Job Management Partner 1/IT Desktop Management - Manager Affected: 09-50 , ≤ 10-10-16 (custom)
    Create a notification for this product.
    Hitachi JP1/NETM/DM Manager Affected: 09-00 , ≤ 10-20-02 (custom)
    Create a notification for this product.
    Hitachi JP1/NETM/DM Client Affected: 09-00 , ≤ 10-20-02 (custom)
    Create a notification for this product.
    Hitachi Job Management Partner 1/Software Distribution Manager Affected: 09-00 , ≤ 09-51-13 (custom)
    Create a notification for this product.
    Hitachi Job Management Partner 1/Software Distribution Client Affected: 09-00 , ≤ 09-51-13 (custom)
    Create a notification for this product.
    Credits
    Ruslan Sayfiev Denis Faiustov
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-65115",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-07T13:26:13.754013Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-07T13:26:20.981Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "JP1/IT Desktop Management 2 - Manager",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "13-50-02",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "13-50-02",
                  "status": "affected",
                  "version": "13-50",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "13-11-04",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "13-11-04",
                  "status": "affected",
                  "version": "13-11",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "13-10-07",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "13-10-07",
                  "status": "affected",
                  "version": "13-10",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "13-01-07",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "13-01-07",
                  "status": "affected",
                  "version": "13-01",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "13-00-05",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "13-00-05",
                  "status": "affected",
                  "version": "13-00",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "12-60-12",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "12-60-12",
                  "status": "affected",
                  "version": "12-60",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "12-50-11",
                  "status": "affected",
                  "version": "10-50",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "JP1/IT Desktop Management 2 - Operations Director",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "13-50-02",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "13-50-02",
                  "status": "affected",
                  "version": "13-50",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "13-11-04",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "13-11-04",
                  "status": "affected",
                  "version": "13-11",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "13-10-07",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "13-10-07",
                  "status": "affected",
                  "version": "13-10",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "13-01-07",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "13-01-07",
                  "status": "affected",
                  "version": "13-01",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "13-00-05",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "13-00-05",
                  "status": "affected",
                  "version": "13-00",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "12-60-12",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "12-60-12",
                  "status": "affected",
                  "version": "12-60",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "12-50-11",
                  "status": "affected",
                  "version": "10-50",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Job Management Partner 1/IT Desktop Management 2 - Manager",
              "vendor": "Hitachi",
              "versions": [
                {
                  "lessThanOrEqual": "10-50-11",
                  "status": "affected",
                  "version": "10-50",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "JP1/IT Desktop Management - Manager",
              "vendor": "Hitachi",
              "versions": [
                {
                  "lessThanOrEqual": "10-10-16",
                  "status": "affected",
                  "version": "09-50",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Job Management Partner 1/IT Desktop Management - Manager",
              "vendor": "Hitachi",
              "versions": [
                {
                  "lessThanOrEqual": "10-10-16",
                  "status": "affected",
                  "version": "09-50",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "JP1/NETM/DM Manager",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "10-30",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "10-20-02",
                  "status": "affected",
                  "version": "09-00",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "JP1/NETM/DM Client",
              "vendor": "Hitachi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "10-30",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "10-20-02",
                  "status": "affected",
                  "version": "09-00",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Job Management Partner 1/Software Distribution Manager",
              "vendor": "Hitachi",
              "versions": [
                {
                  "lessThanOrEqual": "09-51-13",
                  "status": "affected",
                  "version": "09-00",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Job Management Partner 1/Software Distribution Client",
              "vendor": "Hitachi",
              "versions": [
                {
                  "lessThanOrEqual": "09-51-13",
                  "status": "affected",
                  "version": "09-00",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Ruslan Sayfiev"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Denis Faiustov"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Remote Code Execution Vulnerability\u0026nbsp;in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows.\u003cp\u003eThis issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13.\u003c/p\u003e"
                }
              ],
              "value": "Remote Code Execution Vulnerability\u00a0in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows.This issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73 External control of file name or path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-07T05:19:50.413Z",
            "orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
            "shortName": "Hitachi"
          },
          "references": [
            {
              "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2026-118/index.html"
            }
          ],
          "source": {
            "advisory": "hitachi-sec-2026-118",
            "discovery": "EXTERNAL"
          },
          "title": "Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 and JP1/NETM/DM",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
        "assignerShortName": "Hitachi",
        "cveId": "CVE-2025-65115",
        "datePublished": "2026-04-07T05:19:50.413Z",
        "dateReserved": "2025-11-18T01:27:41.899Z",
        "dateUpdated": "2026-04-07T13:26:20.981Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }