CVE-2025-3624 (GCVE-0-2025-3624)

Vulnerability from cvelistv5 – Published: 2025-05-16 06:42 – Updated: 2025-05-16 15:31
VLAI?
Title
Missing Authorization Vulnerability in Hitachi Ops Center Analyzer
Summary
Missing Authorization vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).This issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.4-00.
Severity ?
4.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CWE
Assigner
References
Impacted products
Vendor Product Version
Hitachi Hitachi Ops Center Analyzer Affected: 10.0.0-00 , < 11.0.4-00 (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-3624",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-16T15:31:40.783730Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-16T15:31:49.610Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Hitachi Ops Center Analyzer detail view"
          ],
          "platforms": [
            "Windows",
            "Linux",
            "64 bit"
          ],
          "product": "Hitachi Ops Center Analyzer",
          "vendor": "Hitachi",
          "versions": [
            {
              "changes": [
                {
                  "at": "11.0.4-00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11.0.4-00",
              "status": "affected",
              "version": "10.0.0-00",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Missing Authorization vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).\u003cp\u003eThis issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.4-00.\u003c/p\u003e"
            }
          ],
          "value": "Missing Authorization vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).This issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.4-00."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-220",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-220 Client-Server Protocol Manipulation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862 Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-16T06:42:19.538Z",
        "orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
        "shortName": "Hitachi"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2025-116/index.html"
        }
      ],
      "source": {
        "advisory": "hitachi-sec-2025-116",
        "discovery": "UNKNOWN"
      },
      "title": "Missing Authorization Vulnerability in Hitachi Ops Center Analyzer",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
    "assignerShortName": "Hitachi",
    "cveId": "CVE-2025-3624",
    "datePublished": "2025-05-16T06:42:19.538Z",
    "dateReserved": "2025-04-15T02:14:15.919Z",
    "dateUpdated": "2025-05-16T15:31:49.610Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-3624\",\"sourceIdentifier\":\"hirt@hitachi.co.jp\",\"published\":\"2025-05-16T07:15:47.997\",\"lastModified\":\"2025-05-16T14:42:18.700\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Missing Authorization vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).This issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.4-00.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de autorizaci\u00f3n faltante en Hitachi Ops Center Analyzer (componente de vista detallada de Hitachi Ops Center Analyzer). Este problema afecta a Hitachi Ops Center Analyzer: desde 10.0.0-00 hasta 11.0.4-00.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"hirt@hitachi.co.jp\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"hirt@hitachi.co.jp\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-862\"}]}],\"references\":[{\"url\":\"https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2025-116/index.html\",\"source\":\"hirt@hitachi.co.jp\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-3624\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-16T15:31:40.783730Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-16T15:31:45.941Z\"}}], \"cna\": {\"title\": \"Missing Authorization Vulnerability in Hitachi Ops Center Analyzer\", \"source\": {\"advisory\": \"hitachi-sec-2025-116\", \"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"capecId\": \"CAPEC-220\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-220 Client-Server Protocol Manipulation\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Hitachi\", \"modules\": [\"Hitachi Ops Center Analyzer detail view\"], \"product\": \"Hitachi Ops Center Analyzer\", \"versions\": [{\"status\": \"affected\", \"changes\": [{\"at\": \"11.0.4-00\", \"status\": \"unaffected\"}], \"version\": \"10.0.0-00\", \"lessThan\": \"11.0.4-00\", \"versionType\": \"custom\"}], \"platforms\": [\"Windows\", \"Linux\", \"64 bit\"], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2025-116/index.html\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Missing Authorization vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).This issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.4-00.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Missing Authorization vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).\u003cp\u003eThis issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.4-00.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-862\", \"description\": \"CWE-862 Missing Authorization\"}]}], \"providerMetadata\": {\"orgId\": \"50d0f415-c707-4733-9afc-8f6c0e9b3f82\", \"shortName\": \"Hitachi\", \"dateUpdated\": \"2025-05-16T06:42:19.538Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-3624\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-16T15:31:49.610Z\", \"dateReserved\": \"2025-04-15T02:14:15.919Z\", \"assignerOrgId\": \"50d0f415-c707-4733-9afc-8f6c0e9b3f82\", \"datePublished\": \"2025-05-16T06:42:19.538Z\", \"assignerShortName\": \"Hitachi\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.