CVE-2024-2819 (GCVE-0-2024-2819)
Vulnerability from cvelistv5 – Published: 2024-07-02 01:53 – Updated: 2024-08-01 19:25
VLAI?
Title
File Permission Vulnerability in Hitachi Ops Center Common Services
Summary
Incorrect Default Permissions, Improper Preservation of Permissions vulnerability in Hitachi Ops Center Common Services allows File Manipulation.This issue affects Hitachi Ops Center Common Services: before 11.0.2-00.
Severity ?
5.1 (Medium)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hitachi | Hitachi Ops Center Common Services |
Affected:
0 , < 11.0.2-00
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2819",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-02T18:19:58.248604Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T18:20:06.592Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:25:41.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-132/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hitachi Ops Center Common Services",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "11.0.2-00",
"status": "unaffected"
}
],
"lessThan": "11.0.2-00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect Default Permissions, Improper Preservation of Permissions vulnerability in Hitachi Ops Center Common Services allows File Manipulation.\u003cp\u003eThis issue affects Hitachi Ops Center Common Services: before 11.0.2-00.\u003c/p\u003e"
}
],
"value": "Incorrect Default Permissions, Improper Preservation of Permissions vulnerability in Hitachi Ops Center Common Services allows File Manipulation.This issue affects Hitachi Ops Center Common Services: before 11.0.2-00."
}
],
"impacts": [
{
"capecId": "CAPEC-165",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-165 File Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-281",
"description": "CWE-281 Improper Preservation of Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T01:53:44.982Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-132/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2024-132",
"discovery": "UNKNOWN"
},
"title": "File Permission Vulnerability in Hitachi Ops Center Common Services",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2024-2819",
"datePublished": "2024-07-02T01:53:44.982Z",
"dateReserved": "2024-03-22T06:56:51.487Z",
"dateUpdated": "2024-08-01T19:25:41.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"Incorrect Default Permissions, Improper Preservation of Permissions vulnerability in Hitachi Ops Center Common Services allows File Manipulation.This issue affects Hitachi Ops Center Common Services: before 11.0.2-00.\"}, {\"lang\": \"es\", \"value\": \"La vulnerabilidad de permisos predeterminados incorrectos y preservaci\\u00f3n inadecuada de permisos en los servicios comunes de Hitachi Ops Center permite la manipulaci\\u00f3n de archivos. Este problema afecta a los servicios comunes de Hitachi Ops Center: anteriores a 11.0.2-00.\"}]",
"id": "CVE-2024-2819",
"lastModified": "2024-11-21T09:10:36.070",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"hirt@hitachi.co.jp\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\", \"baseScore\": 5.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.5, \"impactScore\": 2.5}]}",
"published": "2024-07-02T02:15:02.127",
"references": "[{\"url\": \"https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-132/index.html\", \"source\": \"hirt@hitachi.co.jp\"}, {\"url\": \"https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-132/index.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "hirt@hitachi.co.jp",
"vulnStatus": "Undergoing Analysis",
"weaknesses": "[{\"source\": \"hirt@hitachi.co.jp\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-276\"}, {\"lang\": \"en\", \"value\": \"CWE-281\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-2819\",\"sourceIdentifier\":\"hirt@hitachi.co.jp\",\"published\":\"2024-07-02T02:15:02.127\",\"lastModified\":\"2025-01-21T19:14:24.217\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Incorrect Default Permissions, Improper Preservation of Permissions vulnerability in Hitachi Ops Center Common Services allows File Manipulation.This issue affects Hitachi Ops Center Common Services: before 11.0.2-00.\"},{\"lang\":\"es\",\"value\":\"La vulnerabilidad de permisos predeterminados incorrectos y preservaci\u00f3n inadecuada de permisos en los servicios comunes de Hitachi Ops Center permite la manipulaci\u00f3n de archivos. Este problema afecta a los servicios comunes de Hitachi Ops Center: anteriores a 11.0.2-00.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"hirt@hitachi.co.jp\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":5.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.5,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"hirt@hitachi.co.jp\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-276\"},{\"lang\":\"en\",\"value\":\"CWE-281\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-276\"},{\"lang\":\"en\",\"value\":\"CWE-281\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ops_center_common_services:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.0.2-00\",\"matchCriteriaId\":\"1F9438A2-D842-4842-BC7C-AC397B5E9E61\"}]}]}],\"references\":[{\"url\":\"https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-132/index.html\",\"source\":\"hirt@hitachi.co.jp\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-132/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-132/index.html\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T19:25:41.763Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-2819\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-02T18:19:58.248604Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-02T18:20:00.990Z\"}}], \"cna\": {\"title\": \"File Permission Vulnerability in Hitachi Ops Center Common Services\", \"source\": {\"advisory\": \"hitachi-sec-2024-132\", \"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"capecId\": \"CAPEC-165\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-165 File Manipulation\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.1, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Hitachi\", \"product\": \"Hitachi Ops Center Common Services\", \"versions\": [{\"status\": \"affected\", \"changes\": [{\"at\": \"11.0.2-00\", \"status\": \"unaffected\"}], \"version\": \"0\", \"lessThan\": \"11.0.2-00\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-132/index.html\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Incorrect Default Permissions, Improper Preservation of Permissions vulnerability in Hitachi Ops Center Common Services allows File Manipulation.This issue affects Hitachi Ops Center Common Services: before 11.0.2-00.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Incorrect Default Permissions, Improper Preservation of Permissions vulnerability in Hitachi Ops Center Common Services allows File Manipulation.\u003cp\u003eThis issue affects Hitachi Ops Center Common Services: before 11.0.2-00.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-276\", \"description\": \"CWE-276 Incorrect Default Permissions\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-281\", \"description\": \"CWE-281 Improper Preservation of Permissions\"}]}], \"providerMetadata\": {\"orgId\": \"50d0f415-c707-4733-9afc-8f6c0e9b3f82\", \"shortName\": \"Hitachi\", \"dateUpdated\": \"2024-07-02T01:53:44.982Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-2819\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-01T19:25:41.763Z\", \"dateReserved\": \"2024-03-22T06:56:51.487Z\", \"assignerOrgId\": \"50d0f415-c707-4733-9afc-8f6c0e9b3f82\", \"datePublished\": \"2024-07-02T01:53:44.982Z\", \"assignerShortName\": \"Hitachi\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…