Vulnerabilities > Hitachi

DATE CVE VULNERABILITY TITLE RISK
2024-06-26 CVE-2024-28982 XML Entity Expansion vulnerability in Hitachi Pentaho Business Analytics Server
Hitachi Vantara Pentaho Business Analytics Server versions before 10.1.0.0 and 9.3.0.7, including 8.3.x do not correctly protect the ACL service endpoint of the Pentaho User Console against XML External Entity Reference.
network
low complexity
hitachi CWE-776
8.2
2024-06-26 CVE-2024-28983 Cross-site Scripting vulnerability in Hitachi Business Analytics Server
Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x allow a malicious URL to inject content into the Analyzer plugin interface.
network
low complexity
hitachi CWE-79
6.1
2024-06-26 CVE-2024-28984 Cross-site Scripting vulnerability in Hitachi Pentaho Business Analytics Server
Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x allow a malicious URL to inject content into the Analyzer plugin interface.
network
low complexity
hitachi CWE-79
6.1
2024-01-30 CVE-2024-21840 Incorrect Default Permissions vulnerability in Hitachi Storage Plug-In
Incorrect Default Permissions vulnerability in Hitachi Storage Plug-in for VMware vCenter allows local users to read and write specific files. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.0.0 through 04.9.2.
local
low complexity
hitachi CWE-276
7.1
2024-01-16 CVE-2023-49106 Insufficiently Protected Credentials vulnerability in Hitachi Device Manager
Missing Password Field Masking vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Agent component).This issue affects Hitachi Device Manager: before 8.8.5-04.
network
low complexity
hitachi CWE-522
7.5
2024-01-16 CVE-2023-49107 Information Exposure Through an Error Message vulnerability in Hitachi Device Manager
Generation of Error Message Containing Sensitive Information vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Agent modules).This issue affects Hitachi Device Manager: before 8.8.5-04.
network
low complexity
hitachi CWE-209
7.5
2024-01-16 CVE-2023-6457 Incorrect Default Permissions vulnerability in Hitachi Tuning Manager
Incorrect Default Permissions vulnerability in Hitachi Tuning Manager on Windows (Hitachi Tuning Manager server component) allows local users to read and write specific files.This issue affects Hitachi Tuning Manager: before 8.8.5-04.
local
low complexity
hitachi CWE-276
7.1
2023-12-12 CVE-2023-3517 Unspecified vulnerability in Hitachi Pentaho Data Integration and Analytics 1.0/9.4.0.0
Hitachi Vantara Pentaho Data Integration & Analytics versions before 9.5.0.1 and 9.3.0.5, including 8.3.x does not restrict JNDI identifiers during the creation of XActions, allowing control of system level data sources.
network
low complexity
hitachi
8.8
2023-12-11 CVE-2023-6538 Unspecified vulnerability in Hitachi System Management Unit Firmware
SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation.
network
low complexity
hitachi
6.5
2023-12-05 CVE-2023-5808 Improper Authentication vulnerability in Hitachi Vantara Hitachi Network Attached Storage 14.6.7520.04/14.8.7825.01
SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation.
network
low complexity
hitachi CWE-287
6.5