Vulnerabilities > Hitachi
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-27 | CVE-2024-7125 | Missing Authentication for Critical Function vulnerability in Hitachi OPS Center Common Services 10.9.300 Authentication Bypass vulnerability in Hitachi Ops Center Common Services.This issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.2-01. | 7.8 |
| 2024-08-06 | CVE-2024-5828 | Expression Language Injection vulnerability in Hitachi Tuning Manager Expression Language Injection vulnerability in Hitachi Tuning Manager on Windows, Linux, Solaris allows Code Injection.This issue affects Hitachi Tuning Manager: before 8.8.7-00. | 9.8 |
| 2024-07-02 | CVE-2024-2819 | Improper Preservation of Permissions vulnerability in Hitachi OPS Center Common Services 10.9.300 Incorrect Default Permissions, Improper Preservation of Permissions vulnerability in Hitachi Ops Center Common Services allows File Manipulation.This issue affects Hitachi Ops Center Common Services: before 11.0.2-00. | 6.5 |
| 2024-06-26 | CVE-2024-28982 | XML Entity Expansion vulnerability in Hitachi Pentaho Business Analytics Server Hitachi Vantara Pentaho Business Analytics Server versions before 10.1.0.0 and 9.3.0.7, including 8.3.x do not correctly protect the ACL service endpoint of the Pentaho User Console against XML External Entity Reference. | 8.2 |
| 2024-06-26 | CVE-2024-28983 | Cross-site Scripting vulnerability in Hitachi Business Analytics Server Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x allow a malicious URL to inject content into the Analyzer plugin interface. | 6.1 |
| 2024-06-26 | CVE-2024-28984 | Cross-site Scripting vulnerability in Hitachi Pentaho Business Analytics Server Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x allow a malicious URL to inject content into the Analyzer plugin interface. | 6.1 |
| 2024-02-28 | CVE-2023-5617 | Information Exposure Through an Error Message vulnerability in Hitachi Vantara Pentaho Data Integration and Analytics Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.6, including 9.5.x and 8.3.x, display the version of Tomcat when a server error is encountered. | 5.3 |
| 2024-02-20 | CVE-2024-0715 | Expression Language Injection vulnerability in Hitachi Global Link Manager 8.1.1/8.6.200 Expression Language Injection vulnerability in Hitachi Global Link Manager on Windows allows Code Injection.This issue affects Hitachi Global Link Manager: before 8.8.7-03. | 9.8 |
| 2024-01-30 | CVE-2024-21840 | Incorrect Default Permissions vulnerability in Hitachi Storage Plug-In Incorrect Default Permissions vulnerability in Hitachi Storage Plug-in for VMware vCenter allows local users to read and write specific files. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.0.0 through 04.9.2. | 7.1 |
| 2024-01-16 | CVE-2023-49106 | Insufficiently Protected Credentials vulnerability in Hitachi Device Manager Missing Password Field Masking vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Agent component).This issue affects Hitachi Device Manager: before 8.8.5-04. | 7.5 |