Vulnerabilities > CVE-2021-28052 - Missing Authorization vulnerability in Hitach Vantara 9.0.0

047910
CVSS 4.9 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
hitach
CWE-862

Summary

A tenant administrator Hitachi Content Platform (HCP) may modify the configuration in another tenant without authorization, potentially allowing unauthorized access to data in the other tenant. Also, a tenant user (non-administrator) may view configuration in another tenant without authorization. This issue affects: Hitachi Vantara Hitachi Content Platform versions prior to 8.3.7; 9.0.0 versions prior to 9.2.3.

Vulnerable Configurations

Part Description Count
Application
Hitach
2

Common Weakness Enumeration (CWE)