jvndb - jvndb-2023-004790

jvndb-2023-004790

Vulnerability from jvndb

Published

2023-11-02 12:14

Modified

2023-11-02 12:14

Severity

8.6 (High) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Summary

Multiple Vulnerabilities in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer

Details

Multiple vulnerabilities have been found in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer.

References

Type	URL
CVE	https://www.cve.org/CVERecord?id=CVE-2022-3884
CVE	https://www.cve.org/CVERecord?id=CVE-2022-4895
NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-3884
NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-4895
Incorrect Default Permissions(CWE-276)	https://cwe.mitre.org/data/definitions/276.html
Improper Certificate Validation(CWE-295)	https://cwe.mitre.org/data/definitions/295.html

Impacted products

Vendor	Product
Hitachi, Ltd	Hitachi Infrastructure Analytics Advisor
Hitachi, Ltd	Hitachi Ops Center Analyzer

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-004790.html",
  "dc:date": "2023-11-02T12:14+09:00",
  "dcterms:issued": "2023-11-02T12:14+09:00",
  "dcterms:modified": "2023-11-02T12:14+09:00",
  "description": "Multiple vulnerabilities have been found in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer.",
  "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-004790.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:hitachi:infrastructure_analytics_advisor",
      "@product": "Hitachi Infrastructure Analytics Advisor",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ops_center_analyzer",
      "@product": "Hitachi Ops Center Analyzer",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "8.6",
    "@severity": "High",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2023-004790",
  "sec:references": [
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-3884",
      "@id": "CVE-2022-3884",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-4895",
      "@id": "CVE-2022-4895",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-3884",
      "@id": "CVE-2022-3884",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-4895",
      "@id": "CVE-2022-4895",
      "@source": "NVD"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/276.html",
      "@id": "CWE-276",
      "@title": "Incorrect Default Permissions(CWE-276)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/295.html",
      "@id": "CWE-295",
      "@title": "Improper Certificate Validation(CWE-295)"
    }
  ],
  "title": "Multiple Vulnerabilities in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer"
}

cve-2022-3884

Vulnerability from cvelistv5

Published

2023-02-28 02:01

Modified

2024-08-03 01:20

Severity

7.3 (High) - cvssV3_1 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

Summary

Directory Permission Vulnerability in Hitachi Ops Center Analyzer

References

URL	Tags
https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-105/index.html	vendor-advisory

Impacted products

Vendor	Product
Hitachi	Hitachi Ops Center Analyzer

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:20:58.784Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-105/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Hitachi Ops Center Analyzer RAID Agent"
          ],
          "platforms": [
            "Windows"
          ],
          "product": "Hitachi Ops Center Analyzer",
          "vendor": "Hitachi",
          "versions": [
            {
              "changes": [
                {
                  "at": "10.9.0-01",
                  "status": "unaffected"
                }
              ],
              "lessThan": "10.9.0-01",
              "status": "affected",
              "version": "10.9.0-00",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incorrect Default Permissions vulnerability in Hitachi Ops Center Analyzer on Windows (Hitachi Ops Center Analyzer RAID Agent component) allows local users to read and write specific files.\u003cp\u003eThis issue affects Hitachi Ops Center Analyzer: from 10.9.0-00 before 10.9.0-01.\u003c/p\u003e"
            }
          ],
          "value": "Incorrect Default Permissions vulnerability in Hitachi Ops Center Analyzer on Windows (Hitachi Ops Center Analyzer RAID Agent component) allows local users to read and write specific files.This issue affects Hitachi Ops Center Analyzer: from 10.9.0-00 before 10.9.0-01.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-165",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-165 File Manipulation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276 Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-28T02:01:26.105Z",
        "orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
        "shortName": "Hitachi"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-105/index.html"
        }
      ],
      "source": {
        "advisory": "hitachi-sec-2023-105",
        "discovery": "UNKNOWN"
      },
      "title": "Directory Permission Vulnerability in Hitachi Ops Center Analyzer",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
    "assignerShortName": "Hitachi",
    "cveId": "CVE-2022-3884",
    "datePublished": "2023-02-28T02:01:26.105Z",
    "dateReserved": "2022-11-08T02:40:56.780Z",
    "dateUpdated": "2024-08-03T01:20:58.784Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-4895

Vulnerability from cvelistv5

Published

2023-02-28 02:03

Modified

2024-08-03 01:55

Severity

8.6 (High) - cvssV3_1 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Summary

Man-in-the-middle attack Vulnerability in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer

References

URL	Tags
https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-105/index.html	vendor-advisory

Impacted products

Vendor	Product
Hitachi	Hitachi Infrastructure Analytics Advisor
Hitachi	Hitachi Ops Center Analyzer

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:55:45.912Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-105/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Analytics probe"
          ],
          "platforms": [
            "Linux"
          ],
          "product": "Hitachi Infrastructure Analytics Advisor",
          "vendor": "Hitachi",
          "versions": [
            {
              "lessThanOrEqual": "4.4.0-00",
              "status": "affected",
              "version": "2.0.0-00",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Analyzer probe"
          ],
          "platforms": [
            "Linux"
          ],
          "product": "Hitachi Ops Center Analyzer",
          "vendor": "Hitachi",
          "versions": [
            {
              "changes": [
                {
                  "at": "10.9.1-00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "10.9.1-00",
              "status": "affected",
              "version": "10.0.0-00",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Certificate Validation vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component) allows Man in the Middle Attack.\u003cp\u003eThis issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.1-00.\u003c/p\u003e"
            }
          ],
          "value": "Improper Certificate Validation vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component) allows Man in the Middle Attack.This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.1-00.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-94",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-94 Man in the Middle Attack"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "CWE-295 Improper Certificate Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-28T02:03:52.626Z",
        "orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
        "shortName": "Hitachi"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-105/index.html"
        }
      ],
      "source": {
        "advisory": "hitachi-sec-2023-105",
        "discovery": "UNKNOWN"
      },
      "title": "Man-in-the-middle attack Vulnerability in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
    "assignerShortName": "Hitachi",
    "cveId": "CVE-2022-4895",
    "datePublished": "2023-02-28T02:03:52.626Z",
    "dateReserved": "2023-01-23T06:32:40.178Z",
    "dateUpdated": "2024-08-03T01:55:45.912Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Action not permitted

jvndb-2023-004790

Vulnerability from jvndb

cve-2022-3884

Vulnerability from cvelistv5

cve-2022-4895

Vulnerability from cvelistv5

Tags