Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
898 vulnerabilities by Hitachi
CVE-2025-7386 (GCVE-0-2025-7386)
Vulnerability from nvd – Published: 2026-06-29 05:22 – Updated: 2026-06-29 12:36
VLAI
EPSS
VEX
Title
Information exposure vulnerability in Hitachi Storage Navigator
Summary
Information exposure vulnerability in Hitachi Storage Navigator.
This issue affects Hitachi Virtual Storage Platform 5100, 5200, 5500, 5600, 5100H, 5200H, 5500H, 5600H, VX8: before DKCMAIN Ver. 90-09-24-00/00, SVP Ver. 90-09-24/00, before DKCMAIN Ver. 90-08-86-00/00, SVP Ver. 90-08-86/00; Hitachi Virtual Storage Platform G1000, G1500, F1500, VX7: before DKCMAIN Ver. 80-06-96-00/00, SVP Ver. 80-06-91/00.
Severity
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.hitachi.com/products/it/storage-solut… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi | Hitachi Virtual Storage Platform 5100, 5200, 5500, 5600, 5100H, 5200H, 5500H, 5600H, VX8 |
Affected:
0 , < DKCMAIN Ver. 90-09-24-00/00, SVP Ver. 90-09-24/00
(custom)
Affected: 0 , < DKCMAIN Ver. 90-08-86-00/00, SVP Ver. 90-08-86/00 (custom) |
|
| Hitachi | Hitachi Virtual Storage Platform G1000, G1500, F1500, VX7 |
Affected:
0 , < DKCMAIN Ver. 80-06-96-00/00, SVP Ver. 80-06-91/00
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7386",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-29T12:35:44.062299Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-29T12:36:33.277Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform 5100, 5200, 5500, 5600, 5100H, 5200H, 5500H, 5600H, VX8",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver. 90-09-24-00/00, SVP Ver. 90-09-24/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. 90-09-24-00/00, SVP Ver. 90-09-24/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver. 90-08-86-00/00, SVP Ver. 90-08-86/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. 90-08-86-00/00, SVP Ver. 90-08-86/00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform G1000, G1500, F1500, VX7",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver. 80-06-96-00/00, SVP Ver. 80-06-91/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. 80-06-96-00/00, SVP Ver. 80-06-91/00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Information exposure vulnerability in Hitachi Storage Navigator.\u003cp\u003eThis issue affects Hitachi Virtual Storage Platform 5100, 5200, 5500, 5600, 5100H, 5200H, 5500H, 5600H, VX8: before DKCMAIN Ver. 90-09-24-00/00, SVP Ver. 90-09-24/00, before DKCMAIN Ver. 90-08-86-00/00, SVP Ver. 90-08-86/00; Hitachi Virtual Storage Platform G1000, G1500, F1500, VX7: before DKCMAIN Ver. 80-06-96-00/00, SVP Ver. 80-06-91/00.\u003c/p\u003e"
}
],
"value": "Information exposure vulnerability in Hitachi Storage Navigator.\n\nThis issue affects Hitachi Virtual Storage Platform 5100, 5200, 5500, 5600, 5100H, 5200H, 5500H, 5600H, VX8: before DKCMAIN Ver. 90-09-24-00/00, SVP Ver. 90-09-24/00, before DKCMAIN Ver. 90-08-86-00/00, SVP Ver. 90-08-86/00; Hitachi Virtual Storage Platform G1000, G1500, F1500, VX7: before DKCMAIN Ver. 80-06-96-00/00, SVP Ver. 80-06-91/00."
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-114 Authentication Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-29T05:22:37.701Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_301.html"
}
],
"source": {
"advisory": "hitachi-sec-2026-301",
"discovery": "UNKNOWN"
},
"title": "Information exposure vulnerability in Hitachi Storage Navigator",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2025-7386",
"datePublished": "2026-06-29T05:22:37.701Z",
"dateReserved": "2025-07-09T10:16:02.704Z",
"dateUpdated": "2026-06-29T12:36:33.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-2902 (GCVE-0-2025-2902)
Vulnerability from nvd – Published: 2026-06-29 05:52 – Updated: 2026-06-29 12:40
VLAI
EPSS
VEX
Title
Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform
Summary
Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform.
This issue affects Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H: before DKCMAIN Ver. 93-07-26-xx/00, GUM Ver. 93-07-26/00; Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H: before DKCMAIN Ver. 90-09-27-00/00, GUM Ver. 90-09-27/00; Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900: before DKCMAIN Ver. 88-08-16-xx/00, GUM Ver. 88-08-20/00.
Severity
8.3 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.hitachi.com/products/it/storage-solut… | vendor-advisory |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi | Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H |
Affected:
0 , < DKCMAIN Ver. 93-07-26-xx/00, GUM Ver. 93-07-26/00
(custom)
|
|
| Hitachi | Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H |
Affected:
0 , < DKCMAIN Ver. 90-09-27-00/00, GUM Ver. 90-09-27/00
(custom)
|
|
| Hitachi | Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900 |
Affected:
0 , < DKCMAIN Ver. 88-08-16-xx/00, GUM Ver. 88-08-20/00
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2902",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-29T12:39:47.151090Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-29T12:40:09.069Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver. 93-07-26-xx/00, GUM Ver. 93-07-26/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. 93-07-26-xx/00, GUM Ver. 93-07-26/00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver. 90-09-27-00/00, GUM Ver. 90-09-27/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. 90-09-27-00/00, GUM Ver. 90-09-27/00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver. 88-08-16-xx/00, GUM Ver. 88-08-20/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. 88-08-16-xx/00, GUM Ver. 88-08-20/00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform.\u003cp\u003eThis issue affects Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H: before DKCMAIN Ver. 93-07-26-xx/00, GUM Ver. 93-07-26/00; Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H: before DKCMAIN Ver. 90-09-27-00/00, GUM Ver. 90-09-27/00; Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900: before DKCMAIN Ver. 88-08-16-xx/00, GUM Ver. 88-08-20/00.\u003c/p\u003e"
}
],
"value": "Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform.\n\nThis issue affects Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H: before DKCMAIN Ver. 93-07-26-xx/00, GUM Ver. 93-07-26/00; Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H: before DKCMAIN Ver. 90-09-27-00/00, GUM Ver. 90-09-27/00; Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900: before DKCMAIN Ver. 88-08-16-xx/00, GUM Ver. 88-08-20/00."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-29T05:52:39.570Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_305.html"
}
],
"source": {
"advisory": "hitachi-sec-2026-305",
"discovery": "UNKNOWN"
},
"title": "Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2025-2902",
"datePublished": "2026-06-29T05:52:39.570Z",
"dateReserved": "2025-03-28T06:25:15.368Z",
"dateUpdated": "2026-06-29T12:40:09.069Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-0824 (GCVE-0-2025-0824)
Vulnerability from nvd – Published: 2026-06-29 05:34 – Updated: 2026-06-29 12:38
VLAI
EPSS
VEX
Title
lack of validation for firmware update in Hitachi Virtual Storage
Summary
Lack of validation for firmware update in Hitachi Hitachi Virtual Storage Platform One Block 23, 24, 26, 28.
This issue affects Hitachi Virtual Storage Platform One Block 23, 24, 26, 28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-347 - Improper verification of cryptographic signature
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.hitachi.com/products/it/storage-solut… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi | Hitachi Virtual Storage Platform One Block 23, 24, 26, 28 |
Affected:
0 , < DKCMAIN A3-04-21-40/00, ESM A3-04-21/00
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0824",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-29T12:38:22.989556Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-29T12:38:48.701Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform One Block 23, 24, 26, 28",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Lack of validation for firmware update\u0026nbsp;in Hitachi Hitachi Virtual Storage Platform One Block 23, 24, 26, 28.\u003cp\u003eThis issue affects Hitachi Virtual Storage Platform One Block 23, 24, 26, 28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00.\u003c/p\u003e"
}
],
"value": "Lack of validation for firmware update\u00a0in Hitachi Hitachi Virtual Storage Platform One Block 23, 24, 26, 28.\n\nThis issue affects Hitachi Virtual Storage Platform One Block 23, 24, 26, 28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00."
}
],
"impacts": [
{
"capecId": "CAPEC-473",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-473 Signature Spoof"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper verification of cryptographic signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-29T05:34:34.668Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_308.html"
}
],
"source": {
"advisory": "hitachi-sec-2026-308",
"discovery": "UNKNOWN"
},
"title": "lack of validation for firmware update in Hitachi Virtual Storage",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2025-0824",
"datePublished": "2026-06-29T05:34:34.668Z",
"dateReserved": "2025-01-29T07:25:51.664Z",
"dateUpdated": "2026-06-29T12:38:48.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-7737 (GCVE-0-2025-7737)
Vulnerability from nvd – Published: 2026-06-19 05:13 – Updated: 2026-06-22 15:04
VLAI
EPSS
VEX
Title
DoS Vulnerability in 10G iSCSI Interface of Hitachi Virtual Storage Platform
Summary
DoS Vulnerability in 10G iSCSI Interface of Hitachi Virtual Storage Platform.
This issue affects Hitachi Virtual Storage Platform E990, E1090, E1090H: before DKCMAIN Ver.93-07-21-80/00-05, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-01-80/00-07, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-82-80/00-06, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-63-80/00-04, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform E390, E590, E790, E390H, E590H, E790H: before DKCMAIN Ver.93-07-21-x0/00-05, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-01-x0/00-07, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-82-x0/00-06, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-63-x0/00-04, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-24-x0/00-02, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-02-x0/00-02, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900: before DKCMAIN Ver.88-08-10-x0/00-05, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform G100, G200, G400, G600, G800, F400, F600, F800: before DKCMAIN Ver.83-06-20-x0/00-05, CHB(iSCSI) Ver.83-01-01-29; Hitachi Virtual Storage Platform VX8, 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H: before DKCMAIN Ver.90-09-01-00/01-01, CHB(iSCSI) Ver.90-01-01-07, before DKCMAIN Ver.90-08-83-00/01-01, CHB(iSCSI) Ver.90-01-01-07, before DKCMAIN Ver.90-08-63-00/01-01, CHB(iSCSI) Ver.90-01-01-07; Hitachi Virtual Storage Platform VX7, G1000, G1500, F1500: before DKCMAIN Ver.80-06-93-00/00-04, ISFC Ver.80-01-17.
Severity
8.6 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-770 - Allocation of resources without limits or throttling
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.hitachi.com/products/it/storage-solut… | vendor-advisory |
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi | Hitachi Virtual Storage Platform E990, E1090, E1090H |
Affected:
0 , < DKCMAIN Ver.93-07-21-80/00-05, CHB(iSCSI) Ver.88-01-02-04
(custom)
Affected: 0 , < DKCMAIN Ver.93-07-01-80/00-07, CHB(iSCSI) Ver.88-01-02-04 (custom) Affected: 0 , < DKCMAIN Ver.93-06-82-80/00-06, CHB(iSCSI) Ver.88-01-02-04 (custom) Affected: 0 , < DKCMAIN Ver.93-06-63-80/00-04, CHB(iSCSI) Ver.88-01-02-04 (custom) |
|
| Hitachi | Hitachi Virtual Storage Platform E390, E590, E790, E390H, E590H, E790H |
Affected:
0 , < DKCMAIN Ver.93-07-21-x0/00-05, CHB(iSCSI) Ver.88-01-02-04
(custom)
Affected: 0 , < DKCMAIN Ver.93-07-01-x0/00-07, CHB(iSCSI) Ver.88-01-02-04 (custom) Affected: 0 , < DKCMAIN Ver.93-06-82-x0/00-06, CHB(iSCSI) Ver.88-01-02-04 (custom) Affected: 0 , < DKCMAIN Ver.93-06-63-x0/00-04, CHB(iSCSI) Ver.88-01-02-04 (custom) Affected: 0 , < DKCMAIN Ver.93-07-24-x0/00-02, CHB(iSCSI) Ver.88-01-02-04 (custom) Affected: 0 , < DKCMAIN Ver.93-07-02-x0/00-02, CHB(iSCSI) Ver.88-01-02-04 (customDKCMAIN Ver.93-07-02-x0/00-02, CHB(iSCSI) Ver.88-01-02-04) |
|
| Hitachi | Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900 |
Affected:
0 , < DKCMAIN Ver.88-08-10-x0/00-05, CHB(iSCSI) Ver.88-01-02-04
(custom)
|
|
| Hitachi | Hitachi Virtual Storage Platform G100, G200, G400, G600, G800, F400, F600, F800 |
Affected:
0 , < DKCMAIN Ver.83-06-20-x0/00-05, CHB(iSCSI) Ver.83-01-01-29
(custom)
|
|
| Hitachi | Hitachi Virtual Storage Platform VX8, 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H |
Affected:
0 , < DKCMAIN Ver.90-09-01-00/01-01, CHB(iSCSI) Ver.90-01-01-07
(custom)
Affected: 0 , < DKCMAIN Ver.90-08-83-00/01-01, CHB(iSCSI) Ver.90-01-01-07 (custom) Affected: 0 , < DKCMAIN Ver.90-08-63-00/01-01, CHB(iSCSI) Ver.90-01-01-07 (custom) |
|
| Hitachi | Hitachi Virtual Storage Platform VX7, G1000, G1500, F1500 |
Affected:
0 , < DKCMAIN Ver.80-06-93-00/00-04, ISFC Ver.80-01-17
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7737",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-22T15:04:02.928880Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T15:04:12.624Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform E990, E1090, E1090H",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver.93-07-21-80/00-05, CHB(iSCSI) Ver.88-01-02-04",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver.93-07-21-80/00-05, CHB(iSCSI) Ver.88-01-02-04",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver.93-07-01-80/00-07, CHB(iSCSI) Ver.88-01-02-04",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver.93-07-01-80/00-07, CHB(iSCSI) Ver.88-01-02-04",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver.93-06-82-80/00-06, CHB(iSCSI) Ver.88-01-02-04",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver.93-06-82-80/00-06, CHB(iSCSI) Ver.88-01-02-04",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver.93-06-63-80/00-04, CHB(iSCSI) Ver.88-01-02-04",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver.93-06-63-80/00-04, CHB(iSCSI) Ver.88-01-02-04",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform E390, E590, E790, E390H, E590H, E790H",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver.93-07-21-x0/00-05, CHB(iSCSI) Ver.88-01-02-04",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver.93-07-21-x0/00-05, CHB(iSCSI) Ver.88-01-02-04",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver.93-07-01-x0/00-07, CHB(iSCSI) Ver.88-01-02-04",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver.93-07-01-x0/00-07, CHB(iSCSI) Ver.88-01-02-04",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver.93-06-82-x0/00-06, CHB(iSCSI) Ver.88-01-02-04",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver.93-06-82-x0/00-06, CHB(iSCSI) Ver.88-01-02-04",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver.93-06-63-x0/00-04, CHB(iSCSI) Ver.88-01-02-04",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver.93-06-63-x0/00-04, CHB(iSCSI) Ver.88-01-02-04",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver.93-07-24-x0/00-02, CHB(iSCSI) Ver.88-01-02-04",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver.93-07-24-x0/00-02, CHB(iSCSI) Ver.88-01-02-04",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver.93-07-02-x0/00-02, CHB(iSCSI) Ver.88-01-02-04",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver.93-07-02-x0/00-02, CHB(iSCSI) Ver.88-01-02-04",
"status": "affected",
"version": "0",
"versionType": "customDKCMAIN Ver.93-07-02-x0/00-02, CHB(iSCSI) Ver.88-01-02-04"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver.88-08-10-x0/00-05, CHB(iSCSI) Ver.88-01-02-04",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver.88-08-10-x0/00-05, CHB(iSCSI) Ver.88-01-02-04",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform G100, G200, G400, G600, G800, F400, F600, F800",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver.83-06-20-x0/00-05, CHB(iSCSI) Ver.83-01-01-29",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver.83-06-20-x0/00-05, CHB(iSCSI) Ver.83-01-01-29",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform VX8, 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver.90-09-01-00/01-01, CHB(iSCSI) Ver.90-01-01-07",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver.90-09-01-00/01-01, CHB(iSCSI) Ver.90-01-01-07",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver.90-08-83-00/01-01, CHB(iSCSI) Ver.90-01-01-07",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver.90-08-83-00/01-01, CHB(iSCSI) Ver.90-01-01-07",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver.90-08-63-00/01-01, CHB(iSCSI) Ver.90-01-01-07",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver.90-08-63-00/01-01, CHB(iSCSI) Ver.90-01-01-07",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform VX7, G1000, G1500, F1500",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver.80-06-93-00/00-04, ISFC Ver.80-01-17",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver.80-06-93-00/00-04, ISFC Ver.80-01-17",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eDoS Vulnerability in 10G iSCSI Interface of Hitachi Virtual Storage Platform.\u003c/div\u003e\u003cp\u003eThis issue affects Hitachi Virtual Storage Platform E990, E1090, E1090H: before DKCMAIN Ver.93-07-21-80/00-05, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-01-80/00-07, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-82-80/00-06, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-63-80/00-04, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform E390, E590, E790, E390H, E590H, E790H: before DKCMAIN Ver.93-07-21-x0/00-05, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-01-x0/00-07, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-82-x0/00-06, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-63-x0/00-04, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-24-x0/00-02, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-02-x0/00-02, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900: before DKCMAIN Ver.88-08-10-x0/00-05, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform G100, G200, G400, G600, G800, F400, F600, F800: before DKCMAIN Ver.83-06-20-x0/00-05, CHB(iSCSI) Ver.83-01-01-29; Hitachi Virtual Storage Platform VX8, 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H: before DKCMAIN Ver.90-09-01-00/01-01, CHB(iSCSI) Ver.90-01-01-07, before DKCMAIN Ver.90-08-83-00/01-01, CHB(iSCSI) Ver.90-01-01-07, before DKCMAIN Ver.90-08-63-00/01-01, CHB(iSCSI) Ver.90-01-01-07; Hitachi Virtual Storage Platform VX7, G1000, G1500, F1500: before DKCMAIN Ver.80-06-93-00/00-04, ISFC Ver.80-01-17.\u003c/p\u003e"
}
],
"value": "DoS Vulnerability in 10G iSCSI Interface of Hitachi Virtual Storage Platform.\n\n\n\nThis issue affects Hitachi Virtual Storage Platform E990, E1090, E1090H: before DKCMAIN Ver.93-07-21-80/00-05, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-01-80/00-07, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-82-80/00-06, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-63-80/00-04, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform E390, E590, E790, E390H, E590H, E790H: before DKCMAIN Ver.93-07-21-x0/00-05, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-01-x0/00-07, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-82-x0/00-06, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-63-x0/00-04, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-24-x0/00-02, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-02-x0/00-02, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900: before DKCMAIN Ver.88-08-10-x0/00-05, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform G100, G200, G400, G600, G800, F400, F600, F800: before DKCMAIN Ver.83-06-20-x0/00-05, CHB(iSCSI) Ver.83-01-01-29; Hitachi Virtual Storage Platform VX8, 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H: before DKCMAIN Ver.90-09-01-00/01-01, CHB(iSCSI) Ver.90-01-01-07, before DKCMAIN Ver.90-08-83-00/01-01, CHB(iSCSI) Ver.90-01-01-07, before DKCMAIN Ver.90-08-63-00/01-01, CHB(iSCSI) Ver.90-01-01-07; Hitachi Virtual Storage Platform VX7, G1000, G1500, F1500: before DKCMAIN Ver.80-06-93-00/00-04, ISFC Ver.80-01-17."
}
],
"impacts": [
{
"capecId": "CAPEC-482",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-482 TCP Flood"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of resources without limits or throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-19T05:13:38.611Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_312.html"
}
],
"source": {
"advisory": "hitachi-sec-2026-312",
"discovery": "UNKNOWN"
},
"title": "DoS Vulnerability in 10G iSCSI Interface of Hitachi Virtual Storage Platform",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2025-7737",
"datePublished": "2026-06-19T05:13:38.611Z",
"dateReserved": "2025-07-17T05:09:06.792Z",
"dateUpdated": "2026-06-22T15:04:12.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2255 (GCVE-0-2026-2255)
Vulnerability from nvd – Published: 2026-05-27 02:51 – Updated: 2026-05-27 18:00
VLAI
EPSS
VEX
Title
Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials
Summary
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Although the user should not see those explicitly, the defect is mitigated by the fact the user can already leverage those credentials to submit jobs under the same account through the backend API.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi Vantara | Pentaho Data Integration and Analytics |
Affected:
1.0 , < 10.2.0.6
(maven)
Affected: 10.0 , < 11.0.0 (maven) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2255",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-27T18:00:31.690560Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T18:00:39.061Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pentaho Data Integration and Analytics",
"vendor": "Hitachi Vantara",
"versions": [
{
"lessThan": "10.2.0.6",
"status": "affected",
"version": "1.0",
"versionType": "maven"
},
{
"lessThan": "11.0.0",
"status": "affected",
"version": "10.0",
"versionType": "maven"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Hitachi Group Member"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Hitachi Vantara Pentaho Data Integration \u0026amp; Analytics versions before 10.2.0.6 and 11.0.0.0, including\u0026nbsp;9.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Although\u0026nbsp;the user should not see those explicitly, the defect is mitigated by the fact the user can already\u0026nbsp;leverage those credentials to submit jobs under the same account through the backend API.\u0026nbsp;\u003cbr\u003e"
}
],
"value": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics versions before 10.2.0.6 and 11.0.0.0, including\u00a09.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Although\u00a0the user should not see those explicitly, the defect is mitigated by the fact the user can already\u00a0leverage those credentials to submit jobs under the same account through the backend API."
}
],
"impacts": [
{
"capecId": "CAPEC-102",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-102 Session Sidejacking"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522: Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T02:57:46.206Z",
"orgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
"shortName": "HITVAN"
},
"references": [
{
"url": "https://support.pentaho.com/hc/en-us/articles/45672235545101--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Insufficiently-Protected-Credentials-Versions-before-10-2-0-6-and-11-0-0-0-Impacted-CVE-2026-2255"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics - Insufficiently Protected Credentials",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
"assignerShortName": "HITVAN",
"cveId": "CVE-2026-2255",
"datePublished": "2026-05-27T02:51:31.793Z",
"dateReserved": "2026-02-09T15:09:09.473Z",
"dateUpdated": "2026-05-27T18:00:39.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2254 (GCVE-0-2026-2254)
Vulnerability from nvd – Published: 2026-05-27 02:46 – Updated: 2026-05-27 18:00
VLAI
EPSS
VEX
Title
Hitachi Vantara Pentaho Data Integration & Analytics - Incorrect Permission Assignment for Critical Resource
Summary
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notfications.
Severity
6.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi Vantara | Pentaho Data Integration and Analytics |
Affected:
1.0 , < 10.2.0.6
(maven)
Affected: 10.0 , < 11.0.0.0 (maven) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2254",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-27T17:59:55.849274Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T18:00:14.572Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pentaho Data Integration and Analytics",
"vendor": "Hitachi Vantara",
"versions": [
{
"lessThan": "10.2.0.6",
"status": "affected",
"version": "1.0",
"versionType": "maven"
},
{
"lessThan": "11.0.0.0",
"status": "affected",
"version": "10.0",
"versionType": "maven"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Hitachi Group Member"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Hitachi Vantara Pentaho Data Integration \u0026amp; Analytics versions before 10.2.0.6 and 11.0.0.0, including\u0026nbsp;9.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notfications.\u0026nbsp;\u003cbr\u003e"
}
],
"value": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics versions before 10.2.0.6 and 11.0.0.0, including\u00a09.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notfications."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T02:46:36.132Z",
"orgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
"shortName": "HITVAN"
},
"references": [
{
"url": "https://support.pentaho.com/hc/en-us/articles/45676384909069--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Incorrect-Permission-Assignment-for-Critical-Resource-Versions-before-10-2-0-6-and-11-0-0-0-Impacted-CVE-2026-2254?brand_id=1928686"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics - Incorrect Permission Assignment for Critical Resource",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
"assignerShortName": "HITVAN",
"cveId": "CVE-2026-2254",
"datePublished": "2026-05-27T02:46:36.132Z",
"dateReserved": "2026-02-09T15:09:08.406Z",
"dateUpdated": "2026-05-27T18:00:14.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2253 (GCVE-0-2026-2253)
Vulnerability from nvd – Published: 2026-05-27 02:54 – Updated: 2026-05-27 18:00
VLAI
EPSS
VEX
Title
Hitachi Vantara Pentaho Data Integration & Analytics - Improper Restriction of XML External Entity Reference
Summary
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, does not prevent certain XML parsers from resolving external entities.
Severity
7.7 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-611 - Improper restriction of XML external entity reference
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi Vantara | Pentaho Data Integration and Analytics |
Affected:
1.0 , < 10.2.0.7
(maven)
Affected: 10.0 , < 11.0.0 (maven) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2253",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-27T18:00:51.429151Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T18:00:59.490Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pentaho Data Integration and Analytics",
"vendor": "Hitachi Vantara",
"versions": [
{
"lessThan": "10.2.0.7",
"status": "affected",
"version": "1.0",
"versionType": "maven"
},
{
"lessThan": "11.0.0",
"status": "affected",
"version": "10.0",
"versionType": "maven"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Hitachi Group Member"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Hitachi Vantara Pentaho Data Integration \u0026amp; Analytics versions before 10.2.0.7 and 11.0.0.0, including\u0026nbsp;9.3.x and 8.3.x, does not prevent certain XML parsers from resolving external entities.\u0026nbsp;\u003cbr\u003e"
}
],
"value": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics versions before 10.2.0.7 and 11.0.0.0, including\u00a09.3.x and 8.3.x, does not prevent certain XML parsers from resolving external entities."
}
],
"impacts": [
{
"capecId": "CAPEC-201",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-201 Serialized Data External Linking"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper restriction of XML external entity reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T02:54:25.857Z",
"orgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
"shortName": "HITVAN"
},
"references": [
{
"url": "https://support.pentaho.com/hc/en-us/articles/45677548193933--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Improper-Restriction-of-XML-External-Entity-Reference-Versions-before-10-2-0-7-and-11-0-0-0-Impacted-CVE-2026-2253"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics - Improper Restriction of XML External Entity Reference",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
"assignerShortName": "HITVAN",
"cveId": "CVE-2026-2253",
"datePublished": "2026-05-27T02:54:25.857Z",
"dateReserved": "2026-02-09T15:09:06.755Z",
"dateUpdated": "2026-05-27T18:00:59.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3314 (GCVE-0-2026-3314)
Vulnerability from nvd – Published: 2026-05-26 05:57 – Updated: 2026-05-26 12:22
VLAI
EPSS
VEX
Title
Missing Password Masking in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer and Hitachi Ops Center Analyzer viewpoint
Summary
Missing password field masking vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe modules), Hitachi Ops Center Analyzer viewpoint, Hitachi Infrastructure Analytics Advisor (Data Center Analytics, Analytics probe modules).
This issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.8-00; Hitachi Ops Center Analyzer viewpoint: from 10.8.1-00 before 11.0.8-00; Hitachi Infrastructure Analytics Advisor: from 3.2.0-00 before 11.0.8-00.
Severity
4.6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-549 - Missing password field masking
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.hitachi.com/products/it/software/secu… | vendor-advisory |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi | Hitachi Ops Center Analyzer |
Affected:
10.0.0-00 , < 11.0.8-00
(custom)
|
|
| Hitachi | Hitachi Ops Center Analyzer viewpoint |
Affected:
10.8.1-00 , < 11.0.8-00
(custom)
|
|
| Hitachi | Hitachi Infrastructure Analytics Advisor |
Affected:
3.2.0-00 , < 11.0.8-00
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3314",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-26T12:21:39.028766Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T12:22:47.157Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Hitachi Ops Center Analyzer detail view",
"Hitachi Ops Center Analyzer probe"
],
"platforms": [
"Linux",
"64 bit"
],
"product": "Hitachi Ops Center Analyzer",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "11.0.8-00",
"status": "unaffected"
}
],
"lessThan": "11.0.8-00",
"status": "affected",
"version": "10.0.0-00",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux",
"64 bit"
],
"product": "Hitachi Ops Center Analyzer viewpoint",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "11.0.8-00",
"status": "unaffected"
}
],
"lessThan": "11.0.8-00",
"status": "affected",
"version": "10.8.1-00",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Data Center Analytics",
"Analytics probe"
],
"platforms": [
"Linux",
"64 bit"
],
"product": "Hitachi Infrastructure Analytics Advisor",
"vendor": "Hitachi",
"versions": [
{
"lessThan": "11.0.8-00",
"status": "affected",
"version": "3.2.0-00",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing password field masking vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe modules), Hitachi Ops Center Analyzer viewpoint, Hitachi Infrastructure Analytics Advisor (Data Center Analytics, Analytics probe modules).\u003cp\u003eThis issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.8-00; Hitachi Ops Center Analyzer viewpoint: from 10.8.1-00 before 11.0.8-00; Hitachi Infrastructure Analytics Advisor: from 3.2.0-00 before 11.0.8-00.\u003c/p\u003e"
}
],
"value": "Missing password field masking vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe modules), Hitachi Ops Center Analyzer viewpoint, Hitachi Infrastructure Analytics Advisor (Data Center Analytics, Analytics probe modules).\n\nThis issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.8-00; Hitachi Ops Center Analyzer viewpoint: from 10.8.1-00 before 11.0.8-00; Hitachi Infrastructure Analytics Advisor: from 3.2.0-00 before 11.0.8-00."
}
],
"impacts": [
{
"capecId": "CAPEC-555",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-555 Remote Services with Stolen Credentials"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-549",
"description": "CWE-549 Missing password field masking",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T05:57:09.752Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2026-120/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2026-120",
"discovery": "UNKNOWN"
},
"title": "Missing Password Masking in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer and Hitachi Ops Center Analyzer viewpoint",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2026-3314",
"datePublished": "2026-05-26T05:57:09.752Z",
"dateReserved": "2026-02-27T06:34:14.106Z",
"dateUpdated": "2026-05-26T12:22:47.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11159 (GCVE-0-2025-11159)
Vulnerability from nvd – Published: 2026-05-13 05:36 – Updated: 2026-05-13 14:44
VLAI
EPSS
VEX
Title
Hitachi Vantara Pentaho Data Integration & Analytics - Dependency on Vulnerable Third-Party Component
Summary
Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data source administrator.
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-1395 - Dependency on Vulnerable Third-Party Component
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi Vantara | Pentaho Data Integration and Analytics |
Affected:
1.0 , < 10.2.0.7
(maven)
Affected: 1.0 , < 11.0 (maven) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11159",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-13T14:44:30.743315Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T14:44:36.235Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pentaho Data Integration and Analytics",
"vendor": "Hitachi Vantara",
"versions": [
{
"lessThan": "10.2.0.7",
"status": "affected",
"version": "1.0",
"versionType": "maven"
},
{
"lessThan": "11.0",
"status": "affected",
"version": "1.0",
"versionType": "maven"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nir Zadok (nirza) and Moshe Siman Tov Bustan from OX Security"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Hitachi Vantara Pentaho Data Integration \u0026amp; Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a\u0026nbsp;data source administrator."
}
],
"value": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a\u00a0data source administrator."
}
],
"impacts": [
{
"capecId": "CAPEC-310",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-310 Scanning for Vulnerable Software"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1395",
"description": "CWE-1395: Dependency on Vulnerable Third-Party Component",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T05:36:43.720Z",
"orgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
"shortName": "HITVAN"
},
"references": [
{
"url": "https://support.pentaho.com/hc/en-us/articles/39954640408077--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Dependency-on-Vulnerable-Third-Party-Component-Versions-before-10-2-0-7-and-11-0-0-0-Impacted-CVE-2025-11159"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics - Dependency on Vulnerable Third-Party Component",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
"assignerShortName": "HITVAN",
"cveId": "CVE-2025-11159",
"datePublished": "2026-05-13T05:36:43.720Z",
"dateReserved": "2025-09-29T14:53:44.917Z",
"dateUpdated": "2026-05-13T14:44:36.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-2514 (GCVE-0-2025-2514)
Vulnerability from nvd – Published: 2026-05-07 07:30 – Updated: 2026-05-07 13:41
VLAI
EPSS
VEX
Title
Improper Restriction of Excessive Authentication Attempts vulnerability in Hitachi Virtual Storage Platform
Summary
Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28.
This issue affects Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28 : before DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00, before DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00, before DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00, before DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00, before DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-307 - Improper restriction of excessive authentication attempts
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi | Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900 |
Affected:
0 , < DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00
(custom)
Affected: 0 , < DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00 (custom) Affected: 0 , < DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00 (custom) Affected: 0 , < DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00 (custom) Affected: 0 , < DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00 (custom) |
|
| Hitachi | Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H |
Affected:
0 , < DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00
(custom)
Affected: 0 , < DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00 (custom) Affected: 0 , < DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00 (custom) Affected: 0 , < DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00 (custom) Affected: 0 , < DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00 (custom) |
|
| Hitachi | Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28 |
Affected:
0 , < DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00
(custom)
Affected: 0 , < DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00 (custom) Affected: 0 , < DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00 (custom) Affected: 0 , < DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00 (custom) Affected: 0 , < DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2514",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-07T13:41:07.277696Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T13:41:12.214Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28.\u003cp\u003eThis issue affects Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900,\u0026nbsp;Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28\u0026nbsp; : before DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00, before DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00, before DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00, before DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00, before DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00.\u003c/p\u003e"
}
],
"value": "Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28.\n\nThis issue affects Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900,\u00a0Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28\u00a0 : before DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00, before DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00, before DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00, before DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00, before DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00."
}
],
"impacts": [
{
"capecId": "CAPEC-49",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-49 Password Brute Forcing"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "CWE-307 Improper restriction of excessive authentication attempts",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T07:30:28.144Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"url": "https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_306.html"
}
],
"source": {
"advisory": "hitachi-sec-2026-306",
"discovery": "UNKNOWN"
},
"title": "Improper Restriction of Excessive Authentication Attempts vulnerability in Hitachi Virtual Storage Platform",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2025-2514",
"datePublished": "2026-05-07T07:30:28.144Z",
"dateReserved": "2025-03-19T01:13:12.468Z",
"dateUpdated": "2026-05-07T13:41:12.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-1978 (GCVE-0-2025-1978)
Vulnerability from nvd – Published: 2026-05-07 08:05 – Updated: 2026-05-07 13:40
VLAI
EPSS
VEX
Title
Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console
Summary
Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28.
This issue affects Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28 : before DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00, before DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00, before DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00, before DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00, before DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00.
Severity
8.3 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi | Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900 |
Affected:
0 , < DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00
(custom)
Affected: 0 , < DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00 (custom) Affected: 0 , < DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00 (custom) Affected: 0 , < DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00 (custom) Affected: 0 , < DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00 (custom) |
|
| Hitachi | Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H |
Affected:
0 , < DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00
(custom)
Affected: 0 , < DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00 (custom) Affected: 0 , < DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00 (custom) Affected: 0 , < DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00 (custom) Affected: 0 , < DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00 (custom) |
|
| Hitachi | Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28 |
Affected:
0 , < DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00
(custom)
Affected: 0 , < DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00 (custom) Affected: 0 , < DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00 (custom) Affected: 0 , < DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00 (custom) Affected: 0 , < DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00 (custom) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1978",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-07T13:39:55.440215Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T13:40:00.385Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thomas Josef Riedmaier, Siemens Energy."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28.\u003cp\u003eThis issue affects Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900,\u0026nbsp;Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28\u0026nbsp; : before DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00, before DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00, before DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00, before DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00, before DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00\u003cspan\u003e.\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28.\n\nThis issue affects Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900,\u00a0Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28\u00a0 : before DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00, before DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00, before DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00, before DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00, before DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T08:05:42.743Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"url": "https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_307.html"
}
],
"source": {
"advisory": "hitachi-sec-2026-307",
"discovery": "EXTERNAL"
},
"title": "Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2025-1978",
"datePublished": "2026-05-07T08:05:42.743Z",
"dateReserved": "2025-03-05T03:18:02.426Z",
"dateUpdated": "2026-05-07T13:40:00.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-9661 (GCVE-0-2025-9661)
Vulnerability from nvd – Published: 2026-05-07 07:08 – Updated: 2026-05-07 13:02
VLAI
EPSS
VEX
Title
OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23/24/26/28
Summary
OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28.
This issue affects Hitachi Virtual Storage Platform One Block 23/24/26/28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00.
Severity
8.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper neutralization of special elements used in an OS command ('OS command injection')
Assigner
References
1 reference
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi | Hitachi Virtual Storage Platform One Block 23 |
Affected:
0 , < DKCMAIN A3-04-21-40/00, ESM A3-04-21/00
(custom)
|
|
| Hitachi | Hitachi Virtual Storage Platform One Block 24 |
Affected:
0 , < DKCMAIN A3-04-21-40/00, ESM A3-04-21/00
(custom)
|
|
| Hitachi | Hitachi Virtual Storage Platform One Block 26 |
Affected:
0 , < DKCMAIN A3-04-21-40/00, ESM A3-04-21/00
(custom)
|
|
| Hitachi | Hitachi Virtual Storage Platform One Block 28 |
Affected:
0 , < DKCMAIN A3-04-21-40/00, ESM A3-04-21/00
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9661",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-07T13:02:14.993613Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T13:02:35.204Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform One Block 23",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform One Block 24",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform One Block 26",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform One Block 28",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eOS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28.\u003c/div\u003e\u003cdiv\u003e\u003cspan\u003eThis issue affects Hitachi Virtual Storage Platform One Block 23/24/26/28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00.\u003c/span\u003e\u003c/div\u003e"
}
],
"value": "OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28.\n\nThis issue affects Hitachi Virtual Storage Platform One Block 23/24/26/28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper neutralization of special elements used in an OS command (\u0027OS command injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T07:08:14.823Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"url": "https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_309.html"
}
],
"source": {
"advisory": "hitachi-sec-2026-309",
"discovery": "UNKNOWN"
},
"title": "OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23/24/26/28",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2025-9661",
"datePublished": "2026-05-07T07:08:14.823Z",
"dateReserved": "2025-08-29T07:14:42.691Z",
"dateUpdated": "2026-05-07T13:02:35.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-65116 (GCVE-0-2025-65116)
Vulnerability from nvd – Published: 2026-04-07 05:43 – Updated: 2026-04-07 13:25
VLAI
EPSS
VEX
Title
Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 and JP1/NETM/DM
Summary
Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows.This issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-763 - Release of invalid pointer or reference
Assigner
References
1 reference
Impacted products
9 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi | JP1/IT Desktop Management 2 - Manager |
Affected:
13-50 , < 13-50-02
(custom)
Affected: 13-11 , < 13-11-04 (custom) Affected: 13-10 , < 13-10-07 (custom) Affected: 13-01 , < 13-01-07 (custom) Affected: 13-00 , < 13-00-05 (custom) Affected: 12-60 , < 12-60-12 (custom) Affected: 10-50 , ≤ 12-50-11 (custom) |
|
| Hitachi | JP1/IT Desktop Management 2 - Operations Director |
Affected:
13-50 , < 13-50-02
(custom)
Affected: 13-11 , < 13-11-04 (custom) Affected: 13-10 , < 13-10-07 (custom) Affected: 13-01 , < 13-01-07 (custom) Affected: 13-00 , < 13-00-05 (custom) Affected: 12-60 , < 12-60-12 (custom) Affected: 10-50 , ≤ 12-50-11 (custom) |
|
| Hitachi | Job Management Partner 1/IT Desktop Management 2 - Manager |
Affected:
10-50 , ≤ 10-50-11
(custom)
|
|
| Hitachi | JP1/IT Desktop Management - Manager |
Affected:
09-50 , ≤ 10-10-16
(custom)
|
|
| Hitachi | Job Management Partner 1/IT Desktop Management - Manager |
Affected:
09-50 , ≤ 10-10-16
(custom)
|
|
| Hitachi | JP1/NETM/DM Manager |
Affected:
09-00 , ≤ 10-20-02
(custom)
|
|
| Hitachi | JP1/NETM/DM Client |
Affected:
09-00 , ≤ 10-20-02
(custom)
|
|
| Hitachi | Job Management Partner 1/Software Distribution Manager |
Affected:
09-00 , ≤ 09-51-13
(custom)
|
|
| Hitachi | Job Management Partner 1/Software Distribution Client |
Affected:
09-00 , ≤ 09-51-13
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-65116",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-07T13:25:49.919013Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T13:25:56.036Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "JP1/IT Desktop Management 2 - Manager",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "13-50-02",
"status": "unaffected"
}
],
"lessThan": "13-50-02",
"status": "affected",
"version": "13-50",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-11-04",
"status": "unaffected"
}
],
"lessThan": "13-11-04",
"status": "affected",
"version": "13-11",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-10-07",
"status": "unaffected"
}
],
"lessThan": "13-10-07",
"status": "affected",
"version": "13-10",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-01-07",
"status": "unaffected"
}
],
"lessThan": "13-01-07",
"status": "affected",
"version": "13-01",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-00-05",
"status": "unaffected"
}
],
"lessThan": "13-00-05",
"status": "affected",
"version": "13-00",
"versionType": "custom"
},
{
"changes": [
{
"at": "12-60-12",
"status": "unaffected"
}
],
"lessThan": "12-60-12",
"status": "affected",
"version": "12-60",
"versionType": "custom"
},
{
"lessThanOrEqual": "12-50-11",
"status": "affected",
"version": "10-50",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "JP1/IT Desktop Management 2 - Operations Director",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "13-50-02",
"status": "unaffected"
}
],
"lessThan": "13-50-02",
"status": "affected",
"version": "13-50",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-11-04",
"status": "unaffected"
}
],
"lessThan": "13-11-04",
"status": "affected",
"version": "13-11",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-10-07",
"status": "unaffected"
}
],
"lessThan": "13-10-07",
"status": "affected",
"version": "13-10",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-01-07",
"status": "unaffected"
}
],
"lessThan": "13-01-07",
"status": "affected",
"version": "13-01",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-00-05",
"status": "unaffected"
}
],
"lessThan": "13-00-05",
"status": "affected",
"version": "13-00",
"versionType": "custom"
},
{
"changes": [
{
"at": "12-60-12",
"status": "unaffected"
}
],
"lessThan": "12-60-12",
"status": "affected",
"version": "12-60",
"versionType": "custom"
},
{
"lessThanOrEqual": "12-50-11",
"status": "affected",
"version": "10-50",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Job Management Partner 1/IT Desktop Management 2 - Manager",
"vendor": "Hitachi",
"versions": [
{
"lessThanOrEqual": "10-50-11",
"status": "affected",
"version": "10-50",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "JP1/IT Desktop Management - Manager",
"vendor": "Hitachi",
"versions": [
{
"lessThanOrEqual": "10-10-16",
"status": "affected",
"version": "09-50",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Job Management Partner 1/IT Desktop Management - Manager",
"vendor": "Hitachi",
"versions": [
{
"lessThanOrEqual": "10-10-16",
"status": "affected",
"version": "09-50",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "JP1/NETM/DM Manager",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "10-30",
"status": "unaffected"
}
],
"lessThanOrEqual": "10-20-02",
"status": "affected",
"version": "09-00",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "JP1/NETM/DM Client",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "10-30",
"status": "unaffected"
}
],
"lessThanOrEqual": "10-20-02",
"status": "affected",
"version": "09-00",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Job Management Partner 1/Software Distribution Manager",
"vendor": "Hitachi",
"versions": [
{
"lessThanOrEqual": "09-51-13",
"status": "affected",
"version": "09-00",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Job Management Partner 1/Software Distribution Client",
"vendor": "Hitachi",
"versions": [
{
"lessThanOrEqual": "09-51-13",
"status": "affected",
"version": "09-00",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ruslan Sayfiev"
},
{
"lang": "en",
"type": "finder",
"value": "Denis Faiustov"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows.\u003cp\u003eThis issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13.\u003c/p\u003e"
}
],
"value": "Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows.This issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-763",
"description": "CWE-763 Release of invalid pointer or reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T05:43:25.553Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2026-118/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2026-118",
"discovery": "EXTERNAL"
},
"title": "Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 and JP1/NETM/DM",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2025-65116",
"datePublished": "2026-04-07T05:43:25.553Z",
"dateReserved": "2025-11-18T01:27:41.899Z",
"dateUpdated": "2026-04-07T13:25:56.036Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-65115 (GCVE-0-2025-65115)
Vulnerability from nvd – Published: 2026-04-07 05:19 – Updated: 2026-04-07 13:26
VLAI
EPSS
VEX
Title
Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 and JP1/NETM/DM
Summary
Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows.This issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-73 - External control of file name or path
Assigner
References
1 reference
Impacted products
9 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi | JP1/IT Desktop Management 2 - Manager |
Affected:
13-50 , < 13-50-02
(custom)
Affected: 13-11 , < 13-11-04 (custom) Affected: 13-10 , < 13-10-07 (custom) Affected: 13-01 , < 13-01-07 (custom) Affected: 13-00 , < 13-00-05 (custom) Affected: 12-60 , < 12-60-12 (custom) Affected: 10-50 , ≤ 12-50-11 (custom) |
|
| Hitachi | JP1/IT Desktop Management 2 - Operations Director |
Affected:
13-50 , < 13-50-02
(custom)
Affected: 13-11 , < 13-11-04 (custom) Affected: 13-10 , < 13-10-07 (custom) Affected: 13-01 , < 13-01-07 (custom) Affected: 13-00 , < 13-00-05 (custom) Affected: 12-60 , < 12-60-12 (custom) Affected: 10-50 , ≤ 12-50-11 (custom) |
|
| Hitachi | Job Management Partner 1/IT Desktop Management 2 - Manager |
Affected:
10-50 , ≤ 10-50-11
(custom)
|
|
| Hitachi | JP1/IT Desktop Management - Manager |
Affected:
09-50 , ≤ 10-10-16
(custom)
|
|
| Hitachi | Job Management Partner 1/IT Desktop Management - Manager |
Affected:
09-50 , ≤ 10-10-16
(custom)
|
|
| Hitachi | JP1/NETM/DM Manager |
Affected:
09-00 , ≤ 10-20-02
(custom)
|
|
| Hitachi | JP1/NETM/DM Client |
Affected:
09-00 , ≤ 10-20-02
(custom)
|
|
| Hitachi | Job Management Partner 1/Software Distribution Manager |
Affected:
09-00 , ≤ 09-51-13
(custom)
|
|
| Hitachi | Job Management Partner 1/Software Distribution Client |
Affected:
09-00 , ≤ 09-51-13
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-65115",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-07T13:26:13.754013Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T13:26:20.981Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "JP1/IT Desktop Management 2 - Manager",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "13-50-02",
"status": "unaffected"
}
],
"lessThan": "13-50-02",
"status": "affected",
"version": "13-50",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-11-04",
"status": "unaffected"
}
],
"lessThan": "13-11-04",
"status": "affected",
"version": "13-11",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-10-07",
"status": "unaffected"
}
],
"lessThan": "13-10-07",
"status": "affected",
"version": "13-10",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-01-07",
"status": "unaffected"
}
],
"lessThan": "13-01-07",
"status": "affected",
"version": "13-01",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-00-05",
"status": "unaffected"
}
],
"lessThan": "13-00-05",
"status": "affected",
"version": "13-00",
"versionType": "custom"
},
{
"changes": [
{
"at": "12-60-12",
"status": "unaffected"
}
],
"lessThan": "12-60-12",
"status": "affected",
"version": "12-60",
"versionType": "custom"
},
{
"lessThanOrEqual": "12-50-11",
"status": "affected",
"version": "10-50",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "JP1/IT Desktop Management 2 - Operations Director",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "13-50-02",
"status": "unaffected"
}
],
"lessThan": "13-50-02",
"status": "affected",
"version": "13-50",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-11-04",
"status": "unaffected"
}
],
"lessThan": "13-11-04",
"status": "affected",
"version": "13-11",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-10-07",
"status": "unaffected"
}
],
"lessThan": "13-10-07",
"status": "affected",
"version": "13-10",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-01-07",
"status": "unaffected"
}
],
"lessThan": "13-01-07",
"status": "affected",
"version": "13-01",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-00-05",
"status": "unaffected"
}
],
"lessThan": "13-00-05",
"status": "affected",
"version": "13-00",
"versionType": "custom"
},
{
"changes": [
{
"at": "12-60-12",
"status": "unaffected"
}
],
"lessThan": "12-60-12",
"status": "affected",
"version": "12-60",
"versionType": "custom"
},
{
"lessThanOrEqual": "12-50-11",
"status": "affected",
"version": "10-50",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Job Management Partner 1/IT Desktop Management 2 - Manager",
"vendor": "Hitachi",
"versions": [
{
"lessThanOrEqual": "10-50-11",
"status": "affected",
"version": "10-50",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "JP1/IT Desktop Management - Manager",
"vendor": "Hitachi",
"versions": [
{
"lessThanOrEqual": "10-10-16",
"status": "affected",
"version": "09-50",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Job Management Partner 1/IT Desktop Management - Manager",
"vendor": "Hitachi",
"versions": [
{
"lessThanOrEqual": "10-10-16",
"status": "affected",
"version": "09-50",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "JP1/NETM/DM Manager",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "10-30",
"status": "unaffected"
}
],
"lessThanOrEqual": "10-20-02",
"status": "affected",
"version": "09-00",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "JP1/NETM/DM Client",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "10-30",
"status": "unaffected"
}
],
"lessThanOrEqual": "10-20-02",
"status": "affected",
"version": "09-00",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Job Management Partner 1/Software Distribution Manager",
"vendor": "Hitachi",
"versions": [
{
"lessThanOrEqual": "09-51-13",
"status": "affected",
"version": "09-00",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Job Management Partner 1/Software Distribution Client",
"vendor": "Hitachi",
"versions": [
{
"lessThanOrEqual": "09-51-13",
"status": "affected",
"version": "09-00",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ruslan Sayfiev"
},
{
"lang": "en",
"type": "finder",
"value": "Denis Faiustov"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Remote Code Execution Vulnerability\u0026nbsp;in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows.\u003cp\u003eThis issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13.\u003c/p\u003e"
}
],
"value": "Remote Code Execution Vulnerability\u00a0in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows.This issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73 External control of file name or path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T05:19:50.413Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2026-118/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2026-118",
"discovery": "EXTERNAL"
},
"title": "Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 and JP1/NETM/DM",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2025-65115",
"datePublished": "2026-04-07T05:19:50.413Z",
"dateReserved": "2025-11-18T01:27:41.899Z",
"dateUpdated": "2026-04-07T13:26:20.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2072 (GCVE-0-2026-2072)
Vulnerability from nvd – Published: 2026-03-25 02:15 – Updated: 2026-03-25 13:29
VLAI
EPSS
VEX
Title
Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer
Summary
Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor (Analytics probe component), Hitachi Ops Center Analyzer.This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.5-00.
Severity
8.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper neutralization of input during web page generation ('cross-site scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.hitachi.com/products/it/software/secu… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi | Hitachi Infrastructure Analytics Advisor |
Affected:
0 , < *
(custom)
|
|
| Hitachi | Hitachi Ops Center Analyzer |
Affected:
10.0.0-00 , < 11.0.5-00
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2072",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T13:29:10.197265Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T13:29:19.385Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Analytics probe"
],
"platforms": [
"Linux",
"64 bit"
],
"product": "Hitachi Infrastructure Analytics Advisor",
"vendor": "Hitachi",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux",
"64 bit"
],
"product": "Hitachi Ops Center Analyzer",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "11.0.5-00",
"status": "unaffected"
}
],
"lessThan": "11.0.5-00",
"status": "affected",
"version": "10.0.0-00",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor (Analytics probe component), Hitachi Ops Center Analyzer.\u003cp\u003eThis issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.5-00.\u003c/p\u003e"
}
],
"value": "Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor (Analytics probe component), Hitachi Ops Center Analyzer.This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.5-00."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T02:15:44.430Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2026-114/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2026-114",
"discovery": "UNKNOWN"
},
"title": "Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2026-2072",
"datePublished": "2026-03-25T02:15:44.430Z",
"dateReserved": "2026-02-06T07:41:41.771Z",
"dateUpdated": "2026-03-25T13:29:19.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1166 (GCVE-0-2026-1166)
Vulnerability from nvd – Published: 2026-03-25 02:07 – Updated: 2026-03-25 13:30
VLAI
EPSS
VEX
Title
Open Redirect Vulnerability in Hitachi Ops Center Administrator
Summary
Open Redirect vulnerability in Hitachi Ops Center Administrator.This issue affects Hitachi Ops Center Administrator: from 10.2.0 before 11.0.8.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-601 - URL redirection to untrusted site ('open redirect')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.hitachi.com/products/it/software/secu… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi | Hitachi Ops Center Administrator |
Affected:
10.2.0 , < 11.0.8
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1166",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T13:30:17.223904Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T13:30:24.956Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Hitachi Ops Center Administrator",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "11.0.8",
"status": "unaffected"
}
],
"lessThan": "11.0.8",
"status": "affected",
"version": "10.2.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Open Redirect vulnerability in Hitachi Ops Center Administrator.\u003cp\u003eThis issue affects Hitachi Ops Center Administrator: from 10.2.0 before 11.0.8.\u003c/p\u003e"
}
],
"value": "Open Redirect vulnerability in Hitachi Ops Center Administrator.This issue affects Hitachi Ops Center Administrator: from 10.2.0 before 11.0.8."
}
],
"impacts": [
{
"capecId": "CAPEC-98",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-98 Phishing"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL redirection to untrusted site (\u0027open redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T02:07:10.895Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2026-113/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2026-113",
"discovery": "UNKNOWN"
},
"title": "Open Redirect Vulnerability in Hitachi Ops Center Administrator",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2026-1166",
"datePublished": "2026-03-25T02:07:10.895Z",
"dateReserved": "2026-01-19T05:00:10.434Z",
"dateUpdated": "2026-03-25T13:30:24.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-2902 (GCVE-0-2025-2902)
Vulnerability from cvelistv5 – Published: 2026-06-29 05:52 – Updated: 2026-06-29 12:40
VLAI
EPSS
VEX
Title
Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform
Summary
Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform.
This issue affects Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H: before DKCMAIN Ver. 93-07-26-xx/00, GUM Ver. 93-07-26/00; Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H: before DKCMAIN Ver. 90-09-27-00/00, GUM Ver. 90-09-27/00; Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900: before DKCMAIN Ver. 88-08-16-xx/00, GUM Ver. 88-08-20/00.
Severity
8.3 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.hitachi.com/products/it/storage-solut… | vendor-advisory |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi | Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H |
Affected:
0 , < DKCMAIN Ver. 93-07-26-xx/00, GUM Ver. 93-07-26/00
(custom)
|
|
| Hitachi | Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H |
Affected:
0 , < DKCMAIN Ver. 90-09-27-00/00, GUM Ver. 90-09-27/00
(custom)
|
|
| Hitachi | Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900 |
Affected:
0 , < DKCMAIN Ver. 88-08-16-xx/00, GUM Ver. 88-08-20/00
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2902",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-29T12:39:47.151090Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-29T12:40:09.069Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver. 93-07-26-xx/00, GUM Ver. 93-07-26/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. 93-07-26-xx/00, GUM Ver. 93-07-26/00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver. 90-09-27-00/00, GUM Ver. 90-09-27/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. 90-09-27-00/00, GUM Ver. 90-09-27/00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver. 88-08-16-xx/00, GUM Ver. 88-08-20/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. 88-08-16-xx/00, GUM Ver. 88-08-20/00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform.\u003cp\u003eThis issue affects Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H: before DKCMAIN Ver. 93-07-26-xx/00, GUM Ver. 93-07-26/00; Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H: before DKCMAIN Ver. 90-09-27-00/00, GUM Ver. 90-09-27/00; Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900: before DKCMAIN Ver. 88-08-16-xx/00, GUM Ver. 88-08-20/00.\u003c/p\u003e"
}
],
"value": "Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform.\n\nThis issue affects Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H: before DKCMAIN Ver. 93-07-26-xx/00, GUM Ver. 93-07-26/00; Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H: before DKCMAIN Ver. 90-09-27-00/00, GUM Ver. 90-09-27/00; Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900: before DKCMAIN Ver. 88-08-16-xx/00, GUM Ver. 88-08-20/00."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-29T05:52:39.570Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_305.html"
}
],
"source": {
"advisory": "hitachi-sec-2026-305",
"discovery": "UNKNOWN"
},
"title": "Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2025-2902",
"datePublished": "2026-06-29T05:52:39.570Z",
"dateReserved": "2025-03-28T06:25:15.368Z",
"dateUpdated": "2026-06-29T12:40:09.069Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-0824 (GCVE-0-2025-0824)
Vulnerability from cvelistv5 – Published: 2026-06-29 05:34 – Updated: 2026-06-29 12:38
VLAI
EPSS
VEX
Title
lack of validation for firmware update in Hitachi Virtual Storage
Summary
Lack of validation for firmware update in Hitachi Hitachi Virtual Storage Platform One Block 23, 24, 26, 28.
This issue affects Hitachi Virtual Storage Platform One Block 23, 24, 26, 28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-347 - Improper verification of cryptographic signature
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.hitachi.com/products/it/storage-solut… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi | Hitachi Virtual Storage Platform One Block 23, 24, 26, 28 |
Affected:
0 , < DKCMAIN A3-04-21-40/00, ESM A3-04-21/00
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0824",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-29T12:38:22.989556Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-29T12:38:48.701Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform One Block 23, 24, 26, 28",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Lack of validation for firmware update\u0026nbsp;in Hitachi Hitachi Virtual Storage Platform One Block 23, 24, 26, 28.\u003cp\u003eThis issue affects Hitachi Virtual Storage Platform One Block 23, 24, 26, 28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00.\u003c/p\u003e"
}
],
"value": "Lack of validation for firmware update\u00a0in Hitachi Hitachi Virtual Storage Platform One Block 23, 24, 26, 28.\n\nThis issue affects Hitachi Virtual Storage Platform One Block 23, 24, 26, 28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00."
}
],
"impacts": [
{
"capecId": "CAPEC-473",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-473 Signature Spoof"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper verification of cryptographic signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-29T05:34:34.668Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_308.html"
}
],
"source": {
"advisory": "hitachi-sec-2026-308",
"discovery": "UNKNOWN"
},
"title": "lack of validation for firmware update in Hitachi Virtual Storage",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2025-0824",
"datePublished": "2026-06-29T05:34:34.668Z",
"dateReserved": "2025-01-29T07:25:51.664Z",
"dateUpdated": "2026-06-29T12:38:48.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-7386 (GCVE-0-2025-7386)
Vulnerability from cvelistv5 – Published: 2026-06-29 05:22 – Updated: 2026-06-29 12:36
VLAI
EPSS
VEX
Title
Information exposure vulnerability in Hitachi Storage Navigator
Summary
Information exposure vulnerability in Hitachi Storage Navigator.
This issue affects Hitachi Virtual Storage Platform 5100, 5200, 5500, 5600, 5100H, 5200H, 5500H, 5600H, VX8: before DKCMAIN Ver. 90-09-24-00/00, SVP Ver. 90-09-24/00, before DKCMAIN Ver. 90-08-86-00/00, SVP Ver. 90-08-86/00; Hitachi Virtual Storage Platform G1000, G1500, F1500, VX7: before DKCMAIN Ver. 80-06-96-00/00, SVP Ver. 80-06-91/00.
Severity
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.hitachi.com/products/it/storage-solut… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi | Hitachi Virtual Storage Platform 5100, 5200, 5500, 5600, 5100H, 5200H, 5500H, 5600H, VX8 |
Affected:
0 , < DKCMAIN Ver. 90-09-24-00/00, SVP Ver. 90-09-24/00
(custom)
Affected: 0 , < DKCMAIN Ver. 90-08-86-00/00, SVP Ver. 90-08-86/00 (custom) |
|
| Hitachi | Hitachi Virtual Storage Platform G1000, G1500, F1500, VX7 |
Affected:
0 , < DKCMAIN Ver. 80-06-96-00/00, SVP Ver. 80-06-91/00
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7386",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-29T12:35:44.062299Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-29T12:36:33.277Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform 5100, 5200, 5500, 5600, 5100H, 5200H, 5500H, 5600H, VX8",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver. 90-09-24-00/00, SVP Ver. 90-09-24/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. 90-09-24-00/00, SVP Ver. 90-09-24/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver. 90-08-86-00/00, SVP Ver. 90-08-86/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. 90-08-86-00/00, SVP Ver. 90-08-86/00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform G1000, G1500, F1500, VX7",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver. 80-06-96-00/00, SVP Ver. 80-06-91/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. 80-06-96-00/00, SVP Ver. 80-06-91/00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Information exposure vulnerability in Hitachi Storage Navigator.\u003cp\u003eThis issue affects Hitachi Virtual Storage Platform 5100, 5200, 5500, 5600, 5100H, 5200H, 5500H, 5600H, VX8: before DKCMAIN Ver. 90-09-24-00/00, SVP Ver. 90-09-24/00, before DKCMAIN Ver. 90-08-86-00/00, SVP Ver. 90-08-86/00; Hitachi Virtual Storage Platform G1000, G1500, F1500, VX7: before DKCMAIN Ver. 80-06-96-00/00, SVP Ver. 80-06-91/00.\u003c/p\u003e"
}
],
"value": "Information exposure vulnerability in Hitachi Storage Navigator.\n\nThis issue affects Hitachi Virtual Storage Platform 5100, 5200, 5500, 5600, 5100H, 5200H, 5500H, 5600H, VX8: before DKCMAIN Ver. 90-09-24-00/00, SVP Ver. 90-09-24/00, before DKCMAIN Ver. 90-08-86-00/00, SVP Ver. 90-08-86/00; Hitachi Virtual Storage Platform G1000, G1500, F1500, VX7: before DKCMAIN Ver. 80-06-96-00/00, SVP Ver. 80-06-91/00."
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-114 Authentication Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-29T05:22:37.701Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_301.html"
}
],
"source": {
"advisory": "hitachi-sec-2026-301",
"discovery": "UNKNOWN"
},
"title": "Information exposure vulnerability in Hitachi Storage Navigator",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2025-7386",
"datePublished": "2026-06-29T05:22:37.701Z",
"dateReserved": "2025-07-09T10:16:02.704Z",
"dateUpdated": "2026-06-29T12:36:33.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-7737 (GCVE-0-2025-7737)
Vulnerability from cvelistv5 – Published: 2026-06-19 05:13 – Updated: 2026-06-22 15:04
VLAI
EPSS
VEX
Title
DoS Vulnerability in 10G iSCSI Interface of Hitachi Virtual Storage Platform
Summary
DoS Vulnerability in 10G iSCSI Interface of Hitachi Virtual Storage Platform.
This issue affects Hitachi Virtual Storage Platform E990, E1090, E1090H: before DKCMAIN Ver.93-07-21-80/00-05, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-01-80/00-07, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-82-80/00-06, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-63-80/00-04, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform E390, E590, E790, E390H, E590H, E790H: before DKCMAIN Ver.93-07-21-x0/00-05, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-01-x0/00-07, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-82-x0/00-06, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-63-x0/00-04, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-24-x0/00-02, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-02-x0/00-02, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900: before DKCMAIN Ver.88-08-10-x0/00-05, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform G100, G200, G400, G600, G800, F400, F600, F800: before DKCMAIN Ver.83-06-20-x0/00-05, CHB(iSCSI) Ver.83-01-01-29; Hitachi Virtual Storage Platform VX8, 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H: before DKCMAIN Ver.90-09-01-00/01-01, CHB(iSCSI) Ver.90-01-01-07, before DKCMAIN Ver.90-08-83-00/01-01, CHB(iSCSI) Ver.90-01-01-07, before DKCMAIN Ver.90-08-63-00/01-01, CHB(iSCSI) Ver.90-01-01-07; Hitachi Virtual Storage Platform VX7, G1000, G1500, F1500: before DKCMAIN Ver.80-06-93-00/00-04, ISFC Ver.80-01-17.
Severity
8.6 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-770 - Allocation of resources without limits or throttling
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.hitachi.com/products/it/storage-solut… | vendor-advisory |
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi | Hitachi Virtual Storage Platform E990, E1090, E1090H |
Affected:
0 , < DKCMAIN Ver.93-07-21-80/00-05, CHB(iSCSI) Ver.88-01-02-04
(custom)
Affected: 0 , < DKCMAIN Ver.93-07-01-80/00-07, CHB(iSCSI) Ver.88-01-02-04 (custom) Affected: 0 , < DKCMAIN Ver.93-06-82-80/00-06, CHB(iSCSI) Ver.88-01-02-04 (custom) Affected: 0 , < DKCMAIN Ver.93-06-63-80/00-04, CHB(iSCSI) Ver.88-01-02-04 (custom) |
|
| Hitachi | Hitachi Virtual Storage Platform E390, E590, E790, E390H, E590H, E790H |
Affected:
0 , < DKCMAIN Ver.93-07-21-x0/00-05, CHB(iSCSI) Ver.88-01-02-04
(custom)
Affected: 0 , < DKCMAIN Ver.93-07-01-x0/00-07, CHB(iSCSI) Ver.88-01-02-04 (custom) Affected: 0 , < DKCMAIN Ver.93-06-82-x0/00-06, CHB(iSCSI) Ver.88-01-02-04 (custom) Affected: 0 , < DKCMAIN Ver.93-06-63-x0/00-04, CHB(iSCSI) Ver.88-01-02-04 (custom) Affected: 0 , < DKCMAIN Ver.93-07-24-x0/00-02, CHB(iSCSI) Ver.88-01-02-04 (custom) Affected: 0 , < DKCMAIN Ver.93-07-02-x0/00-02, CHB(iSCSI) Ver.88-01-02-04 (customDKCMAIN Ver.93-07-02-x0/00-02, CHB(iSCSI) Ver.88-01-02-04) |
|
| Hitachi | Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900 |
Affected:
0 , < DKCMAIN Ver.88-08-10-x0/00-05, CHB(iSCSI) Ver.88-01-02-04
(custom)
|
|
| Hitachi | Hitachi Virtual Storage Platform G100, G200, G400, G600, G800, F400, F600, F800 |
Affected:
0 , < DKCMAIN Ver.83-06-20-x0/00-05, CHB(iSCSI) Ver.83-01-01-29
(custom)
|
|
| Hitachi | Hitachi Virtual Storage Platform VX8, 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H |
Affected:
0 , < DKCMAIN Ver.90-09-01-00/01-01, CHB(iSCSI) Ver.90-01-01-07
(custom)
Affected: 0 , < DKCMAIN Ver.90-08-83-00/01-01, CHB(iSCSI) Ver.90-01-01-07 (custom) Affected: 0 , < DKCMAIN Ver.90-08-63-00/01-01, CHB(iSCSI) Ver.90-01-01-07 (custom) |
|
| Hitachi | Hitachi Virtual Storage Platform VX7, G1000, G1500, F1500 |
Affected:
0 , < DKCMAIN Ver.80-06-93-00/00-04, ISFC Ver.80-01-17
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7737",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-22T15:04:02.928880Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T15:04:12.624Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform E990, E1090, E1090H",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver.93-07-21-80/00-05, CHB(iSCSI) Ver.88-01-02-04",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver.93-07-21-80/00-05, CHB(iSCSI) Ver.88-01-02-04",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver.93-07-01-80/00-07, CHB(iSCSI) Ver.88-01-02-04",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver.93-07-01-80/00-07, CHB(iSCSI) Ver.88-01-02-04",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver.93-06-82-80/00-06, CHB(iSCSI) Ver.88-01-02-04",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver.93-06-82-80/00-06, CHB(iSCSI) Ver.88-01-02-04",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver.93-06-63-80/00-04, CHB(iSCSI) Ver.88-01-02-04",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver.93-06-63-80/00-04, CHB(iSCSI) Ver.88-01-02-04",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform E390, E590, E790, E390H, E590H, E790H",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver.93-07-21-x0/00-05, CHB(iSCSI) Ver.88-01-02-04",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver.93-07-21-x0/00-05, CHB(iSCSI) Ver.88-01-02-04",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver.93-07-01-x0/00-07, CHB(iSCSI) Ver.88-01-02-04",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver.93-07-01-x0/00-07, CHB(iSCSI) Ver.88-01-02-04",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver.93-06-82-x0/00-06, CHB(iSCSI) Ver.88-01-02-04",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver.93-06-82-x0/00-06, CHB(iSCSI) Ver.88-01-02-04",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver.93-06-63-x0/00-04, CHB(iSCSI) Ver.88-01-02-04",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver.93-06-63-x0/00-04, CHB(iSCSI) Ver.88-01-02-04",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver.93-07-24-x0/00-02, CHB(iSCSI) Ver.88-01-02-04",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver.93-07-24-x0/00-02, CHB(iSCSI) Ver.88-01-02-04",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver.93-07-02-x0/00-02, CHB(iSCSI) Ver.88-01-02-04",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver.93-07-02-x0/00-02, CHB(iSCSI) Ver.88-01-02-04",
"status": "affected",
"version": "0",
"versionType": "customDKCMAIN Ver.93-07-02-x0/00-02, CHB(iSCSI) Ver.88-01-02-04"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver.88-08-10-x0/00-05, CHB(iSCSI) Ver.88-01-02-04",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver.88-08-10-x0/00-05, CHB(iSCSI) Ver.88-01-02-04",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform G100, G200, G400, G600, G800, F400, F600, F800",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver.83-06-20-x0/00-05, CHB(iSCSI) Ver.83-01-01-29",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver.83-06-20-x0/00-05, CHB(iSCSI) Ver.83-01-01-29",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform VX8, 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver.90-09-01-00/01-01, CHB(iSCSI) Ver.90-01-01-07",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver.90-09-01-00/01-01, CHB(iSCSI) Ver.90-01-01-07",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver.90-08-83-00/01-01, CHB(iSCSI) Ver.90-01-01-07",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver.90-08-83-00/01-01, CHB(iSCSI) Ver.90-01-01-07",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver.90-08-63-00/01-01, CHB(iSCSI) Ver.90-01-01-07",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver.90-08-63-00/01-01, CHB(iSCSI) Ver.90-01-01-07",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform VX7, G1000, G1500, F1500",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver.80-06-93-00/00-04, ISFC Ver.80-01-17",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver.80-06-93-00/00-04, ISFC Ver.80-01-17",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eDoS Vulnerability in 10G iSCSI Interface of Hitachi Virtual Storage Platform.\u003c/div\u003e\u003cp\u003eThis issue affects Hitachi Virtual Storage Platform E990, E1090, E1090H: before DKCMAIN Ver.93-07-21-80/00-05, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-01-80/00-07, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-82-80/00-06, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-63-80/00-04, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform E390, E590, E790, E390H, E590H, E790H: before DKCMAIN Ver.93-07-21-x0/00-05, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-01-x0/00-07, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-82-x0/00-06, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-63-x0/00-04, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-24-x0/00-02, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-02-x0/00-02, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900: before DKCMAIN Ver.88-08-10-x0/00-05, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform G100, G200, G400, G600, G800, F400, F600, F800: before DKCMAIN Ver.83-06-20-x0/00-05, CHB(iSCSI) Ver.83-01-01-29; Hitachi Virtual Storage Platform VX8, 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H: before DKCMAIN Ver.90-09-01-00/01-01, CHB(iSCSI) Ver.90-01-01-07, before DKCMAIN Ver.90-08-83-00/01-01, CHB(iSCSI) Ver.90-01-01-07, before DKCMAIN Ver.90-08-63-00/01-01, CHB(iSCSI) Ver.90-01-01-07; Hitachi Virtual Storage Platform VX7, G1000, G1500, F1500: before DKCMAIN Ver.80-06-93-00/00-04, ISFC Ver.80-01-17.\u003c/p\u003e"
}
],
"value": "DoS Vulnerability in 10G iSCSI Interface of Hitachi Virtual Storage Platform.\n\n\n\nThis issue affects Hitachi Virtual Storage Platform E990, E1090, E1090H: before DKCMAIN Ver.93-07-21-80/00-05, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-01-80/00-07, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-82-80/00-06, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-63-80/00-04, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform E390, E590, E790, E390H, E590H, E790H: before DKCMAIN Ver.93-07-21-x0/00-05, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-01-x0/00-07, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-82-x0/00-06, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-63-x0/00-04, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-24-x0/00-02, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-02-x0/00-02, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900: before DKCMAIN Ver.88-08-10-x0/00-05, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform G100, G200, G400, G600, G800, F400, F600, F800: before DKCMAIN Ver.83-06-20-x0/00-05, CHB(iSCSI) Ver.83-01-01-29; Hitachi Virtual Storage Platform VX8, 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H: before DKCMAIN Ver.90-09-01-00/01-01, CHB(iSCSI) Ver.90-01-01-07, before DKCMAIN Ver.90-08-83-00/01-01, CHB(iSCSI) Ver.90-01-01-07, before DKCMAIN Ver.90-08-63-00/01-01, CHB(iSCSI) Ver.90-01-01-07; Hitachi Virtual Storage Platform VX7, G1000, G1500, F1500: before DKCMAIN Ver.80-06-93-00/00-04, ISFC Ver.80-01-17."
}
],
"impacts": [
{
"capecId": "CAPEC-482",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-482 TCP Flood"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of resources without limits or throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-19T05:13:38.611Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_312.html"
}
],
"source": {
"advisory": "hitachi-sec-2026-312",
"discovery": "UNKNOWN"
},
"title": "DoS Vulnerability in 10G iSCSI Interface of Hitachi Virtual Storage Platform",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2025-7737",
"datePublished": "2026-06-19T05:13:38.611Z",
"dateReserved": "2025-07-17T05:09:06.792Z",
"dateUpdated": "2026-06-22T15:04:12.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2253 (GCVE-0-2026-2253)
Vulnerability from cvelistv5 – Published: 2026-05-27 02:54 – Updated: 2026-05-27 18:00
VLAI
EPSS
VEX
Title
Hitachi Vantara Pentaho Data Integration & Analytics - Improper Restriction of XML External Entity Reference
Summary
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, does not prevent certain XML parsers from resolving external entities.
Severity
7.7 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-611 - Improper restriction of XML external entity reference
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi Vantara | Pentaho Data Integration and Analytics |
Affected:
1.0 , < 10.2.0.7
(maven)
Affected: 10.0 , < 11.0.0 (maven) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2253",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-27T18:00:51.429151Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T18:00:59.490Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pentaho Data Integration and Analytics",
"vendor": "Hitachi Vantara",
"versions": [
{
"lessThan": "10.2.0.7",
"status": "affected",
"version": "1.0",
"versionType": "maven"
},
{
"lessThan": "11.0.0",
"status": "affected",
"version": "10.0",
"versionType": "maven"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Hitachi Group Member"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Hitachi Vantara Pentaho Data Integration \u0026amp; Analytics versions before 10.2.0.7 and 11.0.0.0, including\u0026nbsp;9.3.x and 8.3.x, does not prevent certain XML parsers from resolving external entities.\u0026nbsp;\u003cbr\u003e"
}
],
"value": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics versions before 10.2.0.7 and 11.0.0.0, including\u00a09.3.x and 8.3.x, does not prevent certain XML parsers from resolving external entities."
}
],
"impacts": [
{
"capecId": "CAPEC-201",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-201 Serialized Data External Linking"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper restriction of XML external entity reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T02:54:25.857Z",
"orgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
"shortName": "HITVAN"
},
"references": [
{
"url": "https://support.pentaho.com/hc/en-us/articles/45677548193933--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Improper-Restriction-of-XML-External-Entity-Reference-Versions-before-10-2-0-7-and-11-0-0-0-Impacted-CVE-2026-2253"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics - Improper Restriction of XML External Entity Reference",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
"assignerShortName": "HITVAN",
"cveId": "CVE-2026-2253",
"datePublished": "2026-05-27T02:54:25.857Z",
"dateReserved": "2026-02-09T15:09:06.755Z",
"dateUpdated": "2026-05-27T18:00:59.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2255 (GCVE-0-2026-2255)
Vulnerability from cvelistv5 – Published: 2026-05-27 02:51 – Updated: 2026-05-27 18:00
VLAI
EPSS
VEX
Title
Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials
Summary
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Although the user should not see those explicitly, the defect is mitigated by the fact the user can already leverage those credentials to submit jobs under the same account through the backend API.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi Vantara | Pentaho Data Integration and Analytics |
Affected:
1.0 , < 10.2.0.6
(maven)
Affected: 10.0 , < 11.0.0 (maven) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2255",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-27T18:00:31.690560Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T18:00:39.061Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pentaho Data Integration and Analytics",
"vendor": "Hitachi Vantara",
"versions": [
{
"lessThan": "10.2.0.6",
"status": "affected",
"version": "1.0",
"versionType": "maven"
},
{
"lessThan": "11.0.0",
"status": "affected",
"version": "10.0",
"versionType": "maven"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Hitachi Group Member"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Hitachi Vantara Pentaho Data Integration \u0026amp; Analytics versions before 10.2.0.6 and 11.0.0.0, including\u0026nbsp;9.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Although\u0026nbsp;the user should not see those explicitly, the defect is mitigated by the fact the user can already\u0026nbsp;leverage those credentials to submit jobs under the same account through the backend API.\u0026nbsp;\u003cbr\u003e"
}
],
"value": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics versions before 10.2.0.6 and 11.0.0.0, including\u00a09.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Although\u00a0the user should not see those explicitly, the defect is mitigated by the fact the user can already\u00a0leverage those credentials to submit jobs under the same account through the backend API."
}
],
"impacts": [
{
"capecId": "CAPEC-102",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-102 Session Sidejacking"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522: Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T02:57:46.206Z",
"orgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
"shortName": "HITVAN"
},
"references": [
{
"url": "https://support.pentaho.com/hc/en-us/articles/45672235545101--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Insufficiently-Protected-Credentials-Versions-before-10-2-0-6-and-11-0-0-0-Impacted-CVE-2026-2255"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics - Insufficiently Protected Credentials",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
"assignerShortName": "HITVAN",
"cveId": "CVE-2026-2255",
"datePublished": "2026-05-27T02:51:31.793Z",
"dateReserved": "2026-02-09T15:09:09.473Z",
"dateUpdated": "2026-05-27T18:00:39.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2254 (GCVE-0-2026-2254)
Vulnerability from cvelistv5 – Published: 2026-05-27 02:46 – Updated: 2026-05-27 18:00
VLAI
EPSS
VEX
Title
Hitachi Vantara Pentaho Data Integration & Analytics - Incorrect Permission Assignment for Critical Resource
Summary
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notfications.
Severity
6.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi Vantara | Pentaho Data Integration and Analytics |
Affected:
1.0 , < 10.2.0.6
(maven)
Affected: 10.0 , < 11.0.0.0 (maven) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2254",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-27T17:59:55.849274Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T18:00:14.572Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pentaho Data Integration and Analytics",
"vendor": "Hitachi Vantara",
"versions": [
{
"lessThan": "10.2.0.6",
"status": "affected",
"version": "1.0",
"versionType": "maven"
},
{
"lessThan": "11.0.0.0",
"status": "affected",
"version": "10.0",
"versionType": "maven"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Hitachi Group Member"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Hitachi Vantara Pentaho Data Integration \u0026amp; Analytics versions before 10.2.0.6 and 11.0.0.0, including\u0026nbsp;9.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notfications.\u0026nbsp;\u003cbr\u003e"
}
],
"value": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics versions before 10.2.0.6 and 11.0.0.0, including\u00a09.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notfications."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T02:46:36.132Z",
"orgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
"shortName": "HITVAN"
},
"references": [
{
"url": "https://support.pentaho.com/hc/en-us/articles/45676384909069--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Incorrect-Permission-Assignment-for-Critical-Resource-Versions-before-10-2-0-6-and-11-0-0-0-Impacted-CVE-2026-2254?brand_id=1928686"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics - Incorrect Permission Assignment for Critical Resource",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
"assignerShortName": "HITVAN",
"cveId": "CVE-2026-2254",
"datePublished": "2026-05-27T02:46:36.132Z",
"dateReserved": "2026-02-09T15:09:08.406Z",
"dateUpdated": "2026-05-27T18:00:14.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3314 (GCVE-0-2026-3314)
Vulnerability from cvelistv5 – Published: 2026-05-26 05:57 – Updated: 2026-05-26 12:22
VLAI
EPSS
VEX
Title
Missing Password Masking in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer and Hitachi Ops Center Analyzer viewpoint
Summary
Missing password field masking vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe modules), Hitachi Ops Center Analyzer viewpoint, Hitachi Infrastructure Analytics Advisor (Data Center Analytics, Analytics probe modules).
This issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.8-00; Hitachi Ops Center Analyzer viewpoint: from 10.8.1-00 before 11.0.8-00; Hitachi Infrastructure Analytics Advisor: from 3.2.0-00 before 11.0.8-00.
Severity
4.6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-549 - Missing password field masking
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.hitachi.com/products/it/software/secu… | vendor-advisory |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi | Hitachi Ops Center Analyzer |
Affected:
10.0.0-00 , < 11.0.8-00
(custom)
|
|
| Hitachi | Hitachi Ops Center Analyzer viewpoint |
Affected:
10.8.1-00 , < 11.0.8-00
(custom)
|
|
| Hitachi | Hitachi Infrastructure Analytics Advisor |
Affected:
3.2.0-00 , < 11.0.8-00
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3314",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-26T12:21:39.028766Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T12:22:47.157Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Hitachi Ops Center Analyzer detail view",
"Hitachi Ops Center Analyzer probe"
],
"platforms": [
"Linux",
"64 bit"
],
"product": "Hitachi Ops Center Analyzer",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "11.0.8-00",
"status": "unaffected"
}
],
"lessThan": "11.0.8-00",
"status": "affected",
"version": "10.0.0-00",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux",
"64 bit"
],
"product": "Hitachi Ops Center Analyzer viewpoint",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "11.0.8-00",
"status": "unaffected"
}
],
"lessThan": "11.0.8-00",
"status": "affected",
"version": "10.8.1-00",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Data Center Analytics",
"Analytics probe"
],
"platforms": [
"Linux",
"64 bit"
],
"product": "Hitachi Infrastructure Analytics Advisor",
"vendor": "Hitachi",
"versions": [
{
"lessThan": "11.0.8-00",
"status": "affected",
"version": "3.2.0-00",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing password field masking vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe modules), Hitachi Ops Center Analyzer viewpoint, Hitachi Infrastructure Analytics Advisor (Data Center Analytics, Analytics probe modules).\u003cp\u003eThis issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.8-00; Hitachi Ops Center Analyzer viewpoint: from 10.8.1-00 before 11.0.8-00; Hitachi Infrastructure Analytics Advisor: from 3.2.0-00 before 11.0.8-00.\u003c/p\u003e"
}
],
"value": "Missing password field masking vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe modules), Hitachi Ops Center Analyzer viewpoint, Hitachi Infrastructure Analytics Advisor (Data Center Analytics, Analytics probe modules).\n\nThis issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.8-00; Hitachi Ops Center Analyzer viewpoint: from 10.8.1-00 before 11.0.8-00; Hitachi Infrastructure Analytics Advisor: from 3.2.0-00 before 11.0.8-00."
}
],
"impacts": [
{
"capecId": "CAPEC-555",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-555 Remote Services with Stolen Credentials"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-549",
"description": "CWE-549 Missing password field masking",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T05:57:09.752Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2026-120/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2026-120",
"discovery": "UNKNOWN"
},
"title": "Missing Password Masking in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer and Hitachi Ops Center Analyzer viewpoint",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2026-3314",
"datePublished": "2026-05-26T05:57:09.752Z",
"dateReserved": "2026-02-27T06:34:14.106Z",
"dateUpdated": "2026-05-26T12:22:47.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11159 (GCVE-0-2025-11159)
Vulnerability from cvelistv5 – Published: 2026-05-13 05:36 – Updated: 2026-05-13 14:44
VLAI
EPSS
VEX
Title
Hitachi Vantara Pentaho Data Integration & Analytics - Dependency on Vulnerable Third-Party Component
Summary
Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data source administrator.
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-1395 - Dependency on Vulnerable Third-Party Component
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi Vantara | Pentaho Data Integration and Analytics |
Affected:
1.0 , < 10.2.0.7
(maven)
Affected: 1.0 , < 11.0 (maven) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11159",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-13T14:44:30.743315Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T14:44:36.235Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pentaho Data Integration and Analytics",
"vendor": "Hitachi Vantara",
"versions": [
{
"lessThan": "10.2.0.7",
"status": "affected",
"version": "1.0",
"versionType": "maven"
},
{
"lessThan": "11.0",
"status": "affected",
"version": "1.0",
"versionType": "maven"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nir Zadok (nirza) and Moshe Siman Tov Bustan from OX Security"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Hitachi Vantara Pentaho Data Integration \u0026amp; Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a\u0026nbsp;data source administrator."
}
],
"value": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a\u00a0data source administrator."
}
],
"impacts": [
{
"capecId": "CAPEC-310",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-310 Scanning for Vulnerable Software"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1395",
"description": "CWE-1395: Dependency on Vulnerable Third-Party Component",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T05:36:43.720Z",
"orgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
"shortName": "HITVAN"
},
"references": [
{
"url": "https://support.pentaho.com/hc/en-us/articles/39954640408077--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Dependency-on-Vulnerable-Third-Party-Component-Versions-before-10-2-0-7-and-11-0-0-0-Impacted-CVE-2025-11159"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics - Dependency on Vulnerable Third-Party Component",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
"assignerShortName": "HITVAN",
"cveId": "CVE-2025-11159",
"datePublished": "2026-05-13T05:36:43.720Z",
"dateReserved": "2025-09-29T14:53:44.917Z",
"dateUpdated": "2026-05-13T14:44:36.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-1978 (GCVE-0-2025-1978)
Vulnerability from cvelistv5 – Published: 2026-05-07 08:05 – Updated: 2026-05-07 13:40
VLAI
EPSS
VEX
Title
Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console
Summary
Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28.
This issue affects Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28 : before DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00, before DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00, before DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00, before DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00, before DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00.
Severity
8.3 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi | Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900 |
Affected:
0 , < DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00
(custom)
Affected: 0 , < DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00 (custom) Affected: 0 , < DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00 (custom) Affected: 0 , < DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00 (custom) Affected: 0 , < DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00 (custom) |
|
| Hitachi | Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H |
Affected:
0 , < DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00
(custom)
Affected: 0 , < DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00 (custom) Affected: 0 , < DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00 (custom) Affected: 0 , < DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00 (custom) Affected: 0 , < DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00 (custom) |
|
| Hitachi | Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28 |
Affected:
0 , < DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00
(custom)
Affected: 0 , < DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00 (custom) Affected: 0 , < DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00 (custom) Affected: 0 , < DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00 (custom) Affected: 0 , < DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00 (custom) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1978",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-07T13:39:55.440215Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T13:40:00.385Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thomas Josef Riedmaier, Siemens Energy."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28.\u003cp\u003eThis issue affects Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900,\u0026nbsp;Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28\u0026nbsp; : before DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00, before DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00, before DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00, before DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00, before DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00\u003cspan\u003e.\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28.\n\nThis issue affects Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900,\u00a0Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28\u00a0 : before DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00, before DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00, before DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00, before DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00, before DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T08:05:42.743Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"url": "https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_307.html"
}
],
"source": {
"advisory": "hitachi-sec-2026-307",
"discovery": "EXTERNAL"
},
"title": "Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2025-1978",
"datePublished": "2026-05-07T08:05:42.743Z",
"dateReserved": "2025-03-05T03:18:02.426Z",
"dateUpdated": "2026-05-07T13:40:00.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-2514 (GCVE-0-2025-2514)
Vulnerability from cvelistv5 – Published: 2026-05-07 07:30 – Updated: 2026-05-07 13:41
VLAI
EPSS
VEX
Title
Improper Restriction of Excessive Authentication Attempts vulnerability in Hitachi Virtual Storage Platform
Summary
Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28.
This issue affects Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28 : before DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00, before DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00, before DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00, before DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00, before DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-307 - Improper restriction of excessive authentication attempts
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi | Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900 |
Affected:
0 , < DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00
(custom)
Affected: 0 , < DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00 (custom) Affected: 0 , < DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00 (custom) Affected: 0 , < DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00 (custom) Affected: 0 , < DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00 (custom) |
|
| Hitachi | Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H |
Affected:
0 , < DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00
(custom)
Affected: 0 , < DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00 (custom) Affected: 0 , < DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00 (custom) Affected: 0 , < DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00 (custom) Affected: 0 , < DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00 (custom) |
|
| Hitachi | Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28 |
Affected:
0 , < DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00
(custom)
Affected: 0 , < DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00 (custom) Affected: 0 , < DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00 (custom) Affected: 0 , < DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00 (custom) Affected: 0 , < DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2514",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-07T13:41:07.277696Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T13:41:12.214Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28.\u003cp\u003eThis issue affects Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900,\u0026nbsp;Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28\u0026nbsp; : before DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00, before DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00, before DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00, before DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00, before DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00.\u003c/p\u003e"
}
],
"value": "Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28.\n\nThis issue affects Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900,\u00a0Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28\u00a0 : before DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00, before DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00, before DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00, before DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00, before DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00."
}
],
"impacts": [
{
"capecId": "CAPEC-49",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-49 Password Brute Forcing"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "CWE-307 Improper restriction of excessive authentication attempts",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T07:30:28.144Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"url": "https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_306.html"
}
],
"source": {
"advisory": "hitachi-sec-2026-306",
"discovery": "UNKNOWN"
},
"title": "Improper Restriction of Excessive Authentication Attempts vulnerability in Hitachi Virtual Storage Platform",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2025-2514",
"datePublished": "2026-05-07T07:30:28.144Z",
"dateReserved": "2025-03-19T01:13:12.468Z",
"dateUpdated": "2026-05-07T13:41:12.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-9661 (GCVE-0-2025-9661)
Vulnerability from cvelistv5 – Published: 2026-05-07 07:08 – Updated: 2026-05-07 13:02
VLAI
EPSS
VEX
Title
OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23/24/26/28
Summary
OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28.
This issue affects Hitachi Virtual Storage Platform One Block 23/24/26/28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00.
Severity
8.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper neutralization of special elements used in an OS command ('OS command injection')
Assigner
References
1 reference
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi | Hitachi Virtual Storage Platform One Block 23 |
Affected:
0 , < DKCMAIN A3-04-21-40/00, ESM A3-04-21/00
(custom)
|
|
| Hitachi | Hitachi Virtual Storage Platform One Block 24 |
Affected:
0 , < DKCMAIN A3-04-21-40/00, ESM A3-04-21/00
(custom)
|
|
| Hitachi | Hitachi Virtual Storage Platform One Block 26 |
Affected:
0 , < DKCMAIN A3-04-21-40/00, ESM A3-04-21/00
(custom)
|
|
| Hitachi | Hitachi Virtual Storage Platform One Block 28 |
Affected:
0 , < DKCMAIN A3-04-21-40/00, ESM A3-04-21/00
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9661",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-07T13:02:14.993613Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T13:02:35.204Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform One Block 23",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform One Block 24",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform One Block 26",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform One Block 28",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eOS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28.\u003c/div\u003e\u003cdiv\u003e\u003cspan\u003eThis issue affects Hitachi Virtual Storage Platform One Block 23/24/26/28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00.\u003c/span\u003e\u003c/div\u003e"
}
],
"value": "OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28.\n\nThis issue affects Hitachi Virtual Storage Platform One Block 23/24/26/28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper neutralization of special elements used in an OS command (\u0027OS command injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T07:08:14.823Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"url": "https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_309.html"
}
],
"source": {
"advisory": "hitachi-sec-2026-309",
"discovery": "UNKNOWN"
},
"title": "OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23/24/26/28",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2025-9661",
"datePublished": "2026-05-07T07:08:14.823Z",
"dateReserved": "2025-08-29T07:14:42.691Z",
"dateUpdated": "2026-05-07T13:02:35.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-65116 (GCVE-0-2025-65116)
Vulnerability from cvelistv5 – Published: 2026-04-07 05:43 – Updated: 2026-04-07 13:25
VLAI
EPSS
VEX
Title
Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 and JP1/NETM/DM
Summary
Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows.This issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-763 - Release of invalid pointer or reference
Assigner
References
1 reference
Impacted products
9 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi | JP1/IT Desktop Management 2 - Manager |
Affected:
13-50 , < 13-50-02
(custom)
Affected: 13-11 , < 13-11-04 (custom) Affected: 13-10 , < 13-10-07 (custom) Affected: 13-01 , < 13-01-07 (custom) Affected: 13-00 , < 13-00-05 (custom) Affected: 12-60 , < 12-60-12 (custom) Affected: 10-50 , ≤ 12-50-11 (custom) |
|
| Hitachi | JP1/IT Desktop Management 2 - Operations Director |
Affected:
13-50 , < 13-50-02
(custom)
Affected: 13-11 , < 13-11-04 (custom) Affected: 13-10 , < 13-10-07 (custom) Affected: 13-01 , < 13-01-07 (custom) Affected: 13-00 , < 13-00-05 (custom) Affected: 12-60 , < 12-60-12 (custom) Affected: 10-50 , ≤ 12-50-11 (custom) |
|
| Hitachi | Job Management Partner 1/IT Desktop Management 2 - Manager |
Affected:
10-50 , ≤ 10-50-11
(custom)
|
|
| Hitachi | JP1/IT Desktop Management - Manager |
Affected:
09-50 , ≤ 10-10-16
(custom)
|
|
| Hitachi | Job Management Partner 1/IT Desktop Management - Manager |
Affected:
09-50 , ≤ 10-10-16
(custom)
|
|
| Hitachi | JP1/NETM/DM Manager |
Affected:
09-00 , ≤ 10-20-02
(custom)
|
|
| Hitachi | JP1/NETM/DM Client |
Affected:
09-00 , ≤ 10-20-02
(custom)
|
|
| Hitachi | Job Management Partner 1/Software Distribution Manager |
Affected:
09-00 , ≤ 09-51-13
(custom)
|
|
| Hitachi | Job Management Partner 1/Software Distribution Client |
Affected:
09-00 , ≤ 09-51-13
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-65116",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-07T13:25:49.919013Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T13:25:56.036Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "JP1/IT Desktop Management 2 - Manager",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "13-50-02",
"status": "unaffected"
}
],
"lessThan": "13-50-02",
"status": "affected",
"version": "13-50",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-11-04",
"status": "unaffected"
}
],
"lessThan": "13-11-04",
"status": "affected",
"version": "13-11",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-10-07",
"status": "unaffected"
}
],
"lessThan": "13-10-07",
"status": "affected",
"version": "13-10",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-01-07",
"status": "unaffected"
}
],
"lessThan": "13-01-07",
"status": "affected",
"version": "13-01",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-00-05",
"status": "unaffected"
}
],
"lessThan": "13-00-05",
"status": "affected",
"version": "13-00",
"versionType": "custom"
},
{
"changes": [
{
"at": "12-60-12",
"status": "unaffected"
}
],
"lessThan": "12-60-12",
"status": "affected",
"version": "12-60",
"versionType": "custom"
},
{
"lessThanOrEqual": "12-50-11",
"status": "affected",
"version": "10-50",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "JP1/IT Desktop Management 2 - Operations Director",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "13-50-02",
"status": "unaffected"
}
],
"lessThan": "13-50-02",
"status": "affected",
"version": "13-50",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-11-04",
"status": "unaffected"
}
],
"lessThan": "13-11-04",
"status": "affected",
"version": "13-11",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-10-07",
"status": "unaffected"
}
],
"lessThan": "13-10-07",
"status": "affected",
"version": "13-10",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-01-07",
"status": "unaffected"
}
],
"lessThan": "13-01-07",
"status": "affected",
"version": "13-01",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-00-05",
"status": "unaffected"
}
],
"lessThan": "13-00-05",
"status": "affected",
"version": "13-00",
"versionType": "custom"
},
{
"changes": [
{
"at": "12-60-12",
"status": "unaffected"
}
],
"lessThan": "12-60-12",
"status": "affected",
"version": "12-60",
"versionType": "custom"
},
{
"lessThanOrEqual": "12-50-11",
"status": "affected",
"version": "10-50",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Job Management Partner 1/IT Desktop Management 2 - Manager",
"vendor": "Hitachi",
"versions": [
{
"lessThanOrEqual": "10-50-11",
"status": "affected",
"version": "10-50",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "JP1/IT Desktop Management - Manager",
"vendor": "Hitachi",
"versions": [
{
"lessThanOrEqual": "10-10-16",
"status": "affected",
"version": "09-50",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Job Management Partner 1/IT Desktop Management - Manager",
"vendor": "Hitachi",
"versions": [
{
"lessThanOrEqual": "10-10-16",
"status": "affected",
"version": "09-50",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "JP1/NETM/DM Manager",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "10-30",
"status": "unaffected"
}
],
"lessThanOrEqual": "10-20-02",
"status": "affected",
"version": "09-00",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "JP1/NETM/DM Client",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "10-30",
"status": "unaffected"
}
],
"lessThanOrEqual": "10-20-02",
"status": "affected",
"version": "09-00",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Job Management Partner 1/Software Distribution Manager",
"vendor": "Hitachi",
"versions": [
{
"lessThanOrEqual": "09-51-13",
"status": "affected",
"version": "09-00",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Job Management Partner 1/Software Distribution Client",
"vendor": "Hitachi",
"versions": [
{
"lessThanOrEqual": "09-51-13",
"status": "affected",
"version": "09-00",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ruslan Sayfiev"
},
{
"lang": "en",
"type": "finder",
"value": "Denis Faiustov"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows.\u003cp\u003eThis issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13.\u003c/p\u003e"
}
],
"value": "Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows.This issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-763",
"description": "CWE-763 Release of invalid pointer or reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T05:43:25.553Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2026-118/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2026-118",
"discovery": "EXTERNAL"
},
"title": "Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 and JP1/NETM/DM",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2025-65116",
"datePublished": "2026-04-07T05:43:25.553Z",
"dateReserved": "2025-11-18T01:27:41.899Z",
"dateUpdated": "2026-04-07T13:25:56.036Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-65115 (GCVE-0-2025-65115)
Vulnerability from cvelistv5 – Published: 2026-04-07 05:19 – Updated: 2026-04-07 13:26
VLAI
EPSS
VEX
Title
Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 and JP1/NETM/DM
Summary
Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows.This issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-73 - External control of file name or path
Assigner
References
1 reference
Impacted products
9 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi | JP1/IT Desktop Management 2 - Manager |
Affected:
13-50 , < 13-50-02
(custom)
Affected: 13-11 , < 13-11-04 (custom) Affected: 13-10 , < 13-10-07 (custom) Affected: 13-01 , < 13-01-07 (custom) Affected: 13-00 , < 13-00-05 (custom) Affected: 12-60 , < 12-60-12 (custom) Affected: 10-50 , ≤ 12-50-11 (custom) |
|
| Hitachi | JP1/IT Desktop Management 2 - Operations Director |
Affected:
13-50 , < 13-50-02
(custom)
Affected: 13-11 , < 13-11-04 (custom) Affected: 13-10 , < 13-10-07 (custom) Affected: 13-01 , < 13-01-07 (custom) Affected: 13-00 , < 13-00-05 (custom) Affected: 12-60 , < 12-60-12 (custom) Affected: 10-50 , ≤ 12-50-11 (custom) |
|
| Hitachi | Job Management Partner 1/IT Desktop Management 2 - Manager |
Affected:
10-50 , ≤ 10-50-11
(custom)
|
|
| Hitachi | JP1/IT Desktop Management - Manager |
Affected:
09-50 , ≤ 10-10-16
(custom)
|
|
| Hitachi | Job Management Partner 1/IT Desktop Management - Manager |
Affected:
09-50 , ≤ 10-10-16
(custom)
|
|
| Hitachi | JP1/NETM/DM Manager |
Affected:
09-00 , ≤ 10-20-02
(custom)
|
|
| Hitachi | JP1/NETM/DM Client |
Affected:
09-00 , ≤ 10-20-02
(custom)
|
|
| Hitachi | Job Management Partner 1/Software Distribution Manager |
Affected:
09-00 , ≤ 09-51-13
(custom)
|
|
| Hitachi | Job Management Partner 1/Software Distribution Client |
Affected:
09-00 , ≤ 09-51-13
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-65115",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-07T13:26:13.754013Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T13:26:20.981Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "JP1/IT Desktop Management 2 - Manager",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "13-50-02",
"status": "unaffected"
}
],
"lessThan": "13-50-02",
"status": "affected",
"version": "13-50",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-11-04",
"status": "unaffected"
}
],
"lessThan": "13-11-04",
"status": "affected",
"version": "13-11",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-10-07",
"status": "unaffected"
}
],
"lessThan": "13-10-07",
"status": "affected",
"version": "13-10",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-01-07",
"status": "unaffected"
}
],
"lessThan": "13-01-07",
"status": "affected",
"version": "13-01",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-00-05",
"status": "unaffected"
}
],
"lessThan": "13-00-05",
"status": "affected",
"version": "13-00",
"versionType": "custom"
},
{
"changes": [
{
"at": "12-60-12",
"status": "unaffected"
}
],
"lessThan": "12-60-12",
"status": "affected",
"version": "12-60",
"versionType": "custom"
},
{
"lessThanOrEqual": "12-50-11",
"status": "affected",
"version": "10-50",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "JP1/IT Desktop Management 2 - Operations Director",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "13-50-02",
"status": "unaffected"
}
],
"lessThan": "13-50-02",
"status": "affected",
"version": "13-50",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-11-04",
"status": "unaffected"
}
],
"lessThan": "13-11-04",
"status": "affected",
"version": "13-11",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-10-07",
"status": "unaffected"
}
],
"lessThan": "13-10-07",
"status": "affected",
"version": "13-10",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-01-07",
"status": "unaffected"
}
],
"lessThan": "13-01-07",
"status": "affected",
"version": "13-01",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-00-05",
"status": "unaffected"
}
],
"lessThan": "13-00-05",
"status": "affected",
"version": "13-00",
"versionType": "custom"
},
{
"changes": [
{
"at": "12-60-12",
"status": "unaffected"
}
],
"lessThan": "12-60-12",
"status": "affected",
"version": "12-60",
"versionType": "custom"
},
{
"lessThanOrEqual": "12-50-11",
"status": "affected",
"version": "10-50",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Job Management Partner 1/IT Desktop Management 2 - Manager",
"vendor": "Hitachi",
"versions": [
{
"lessThanOrEqual": "10-50-11",
"status": "affected",
"version": "10-50",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "JP1/IT Desktop Management - Manager",
"vendor": "Hitachi",
"versions": [
{
"lessThanOrEqual": "10-10-16",
"status": "affected",
"version": "09-50",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Job Management Partner 1/IT Desktop Management - Manager",
"vendor": "Hitachi",
"versions": [
{
"lessThanOrEqual": "10-10-16",
"status": "affected",
"version": "09-50",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "JP1/NETM/DM Manager",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "10-30",
"status": "unaffected"
}
],
"lessThanOrEqual": "10-20-02",
"status": "affected",
"version": "09-00",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "JP1/NETM/DM Client",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "10-30",
"status": "unaffected"
}
],
"lessThanOrEqual": "10-20-02",
"status": "affected",
"version": "09-00",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Job Management Partner 1/Software Distribution Manager",
"vendor": "Hitachi",
"versions": [
{
"lessThanOrEqual": "09-51-13",
"status": "affected",
"version": "09-00",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Job Management Partner 1/Software Distribution Client",
"vendor": "Hitachi",
"versions": [
{
"lessThanOrEqual": "09-51-13",
"status": "affected",
"version": "09-00",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ruslan Sayfiev"
},
{
"lang": "en",
"type": "finder",
"value": "Denis Faiustov"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Remote Code Execution Vulnerability\u0026nbsp;in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows.\u003cp\u003eThis issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13.\u003c/p\u003e"
}
],
"value": "Remote Code Execution Vulnerability\u00a0in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows.This issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73 External control of file name or path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T05:19:50.413Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2026-118/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2026-118",
"discovery": "EXTERNAL"
},
"title": "Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 and JP1/NETM/DM",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2025-65115",
"datePublished": "2026-04-07T05:19:50.413Z",
"dateReserved": "2025-11-18T01:27:41.899Z",
"dateUpdated": "2026-04-07T13:26:20.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}