CVE-2024-45068 (GCVE-0-2024-45068)

Vulnerability from cvelistv5 – Published: 2024-12-03 02:32 – Updated: 2024-12-03 15:54
VLAI?
Title
Authentication credentials leakage vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center OVA
Summary
Authentication credentials leakage vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center OVA. This issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.3-00; Hitachi Ops Center OVA: from 10.9.3-00 before 11.0.2-01.
Severity ?
7.1 (High)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
CWE
Assigner
References
Impacted products
Vendor Product Version
Hitachi Hitachi Ops Center Common Services Affected: 10.9.3-00 , < 11.0.3-00 (custom)
Create a notification for this product.
    Hitachi Hitachi Ops Center OVA Affected: 10.9.3-00 , < 11.0.2-01 (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:hitachi:ops_center_ova:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ops_center_ova",
            "vendor": "hitachi",
            "versions": [
              {
                "lessThan": "11.0.2-01",
                "status": "affected",
                "version": "10.9.3-00",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:hitachi:ops_center_common_services:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ops_center_common_services",
            "vendor": "hitachi",
            "versions": [
              {
                "lessThan": "11.0.3-00",
                "status": "affected",
                "version": "10.9.3-00",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45068",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-03T14:30:59.837741Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-03T15:54:53.646Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux"
          ],
          "product": "Hitachi Ops Center Common Services",
          "vendor": "Hitachi",
          "versions": [
            {
              "changes": [
                {
                  "at": "11.0.3-00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11.0.3-00",
              "status": "affected",
              "version": "10.9.3-00",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux"
          ],
          "product": "Hitachi Ops Center OVA",
          "vendor": "Hitachi",
          "versions": [
            {
              "changes": [
                {
                  "at": "11.0.2-01",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11.0.2-01",
              "status": "affected",
              "version": "10.9.3-00",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAuthentication credentials leakage vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center OVA.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.3-00; Hitachi Ops Center OVA: from 10.9.3-00 before 11.0.2-01.\u003c/p\u003e"
            }
          ],
          "value": "Authentication credentials leakage vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center OVA.\n\n\nThis issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.3-00; Hitachi Ops Center OVA: from 10.9.3-00 before 11.0.2-01."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-114",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-114 Authentication Abuse"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1392",
              "description": "CWE-1392 Use of Default Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-03T02:32:03.225Z",
        "orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
        "shortName": "Hitachi"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-149/index.html"
        }
      ],
      "source": {
        "advisory": "hitachi-sec-2024-149",
        "discovery": "UNKNOWN"
      },
      "title": "Authentication credentials leakage vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center OVA",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
    "assignerShortName": "Hitachi",
    "cveId": "CVE-2024-45068",
    "datePublished": "2024-12-03T02:32:03.225Z",
    "dateReserved": "2024-10-22T04:20:15.307Z",
    "dateUpdated": "2024-12-03T15:54:53.646Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Authentication credentials leakage vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center OVA.\\n\\n\\nThis issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.3-00; Hitachi Ops Center OVA: from 10.9.3-00 before 11.0.2-01.\"}, {\"lang\": \"es\", \"value\": \" Vulnerabilidad de fuga de credenciales de autenticaci\\u00f3n en Hitachi Ops Center Common Services dentro de Hitachi Ops Center OVA. Este problema afecta a Hitachi Ops Center Common Services: desde 10.9.3-00 hasta 11.0.3-00; Hitachi Ops Center OVA: desde 10.9.3-00 hasta 11.0.2-01.\"}]",
      "id": "CVE-2024-45068",
      "lastModified": "2024-12-03T03:15:04.953",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"hirt@hitachi.co.jp\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N\", \"baseScore\": 7.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 4.2}]}",
      "published": "2024-12-03T03:15:04.953",
      "references": "[{\"url\": \"https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-149/index.html\", \"source\": \"hirt@hitachi.co.jp\"}]",
      "sourceIdentifier": "hirt@hitachi.co.jp",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"hirt@hitachi.co.jp\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-1392\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-45068\",\"sourceIdentifier\":\"hirt@hitachi.co.jp\",\"published\":\"2024-12-03T03:15:04.953\",\"lastModified\":\"2024-12-03T03:15:04.953\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Authentication credentials leakage vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center OVA.\\n\\n\\nThis issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.3-00; Hitachi Ops Center OVA: from 10.9.3-00 before 11.0.2-01.\"},{\"lang\":\"es\",\"value\":\" Vulnerabilidad de fuga de credenciales de autenticaci\u00f3n en Hitachi Ops Center Common Services dentro de Hitachi Ops Center OVA. Este problema afecta a Hitachi Ops Center Common Services: desde 10.9.3-00 hasta 11.0.3-00; Hitachi Ops Center OVA: desde 10.9.3-00 hasta 11.0.2-01.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"hirt@hitachi.co.jp\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":4.2}]},\"weaknesses\":[{\"source\":\"hirt@hitachi.co.jp\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1392\"}]}],\"references\":[{\"url\":\"https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-149/index.html\",\"source\":\"hirt@hitachi.co.jp\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-45068\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-12-03T14:30:59.837741Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:hitachi:ops_center_ova:*:*:*:*:*:*:*:*\"], \"vendor\": \"hitachi\", \"product\": \"ops_center_ova\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.9.3-00\", \"lessThan\": \"11.0.2-01\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:hitachi:ops_center_common_services:-:*:*:*:*:*:*:*\"], \"vendor\": \"hitachi\", \"product\": \"ops_center_common_services\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.9.3-00\", \"lessThan\": \"11.0.3-00\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-12-03T14:35:45.474Z\"}}], \"cna\": {\"title\": \"Authentication credentials leakage vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center OVA\", \"source\": {\"advisory\": \"hitachi-sec-2024-149\", \"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"capecId\": \"CAPEC-114\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-114 Authentication Abuse\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Hitachi\", \"product\": \"Hitachi Ops Center Common Services\", \"versions\": [{\"status\": \"affected\", \"changes\": [{\"at\": \"11.0.3-00\", \"status\": \"unaffected\"}], \"version\": \"10.9.3-00\", \"lessThan\": \"11.0.3-00\", \"versionType\": \"custom\"}], \"platforms\": [\"Linux\"], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Hitachi\", \"product\": \"Hitachi Ops Center OVA\", \"versions\": [{\"status\": \"affected\", \"changes\": [{\"at\": \"11.0.2-01\", \"status\": \"unaffected\"}], \"version\": \"10.9.3-00\", \"lessThan\": \"11.0.2-01\", \"versionType\": \"custom\"}], \"platforms\": [\"Linux\"], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-149/index.html\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Authentication credentials leakage vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center OVA.\\n\\n\\nThis issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.3-00; Hitachi Ops Center OVA: from 10.9.3-00 before 11.0.2-01.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eAuthentication credentials leakage vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center OVA.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.3-00; Hitachi Ops Center OVA: from 10.9.3-00 before 11.0.2-01.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1392\", \"description\": \"CWE-1392 Use of Default Credentials\"}]}], \"providerMetadata\": {\"orgId\": \"50d0f415-c707-4733-9afc-8f6c0e9b3f82\", \"shortName\": \"Hitachi\", \"dateUpdated\": \"2024-12-03T02:32:03.225Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-45068\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-12-03T15:54:53.646Z\", \"dateReserved\": \"2024-10-22T04:20:15.307Z\", \"assignerOrgId\": \"50d0f415-c707-4733-9afc-8f6c0e9b3f82\", \"datePublished\": \"2024-12-03T02:32:03.225Z\", \"assignerShortName\": \"Hitachi\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.