Vulnerabilities > Hitachi
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-28 | CVE-2021-20740 | OS Command Injection vulnerability in multiple products Hitachi Virtual File Platform Versions prior to 5.5.3-09 and Versions prior to 6.4.3-09, and NEC Storage M Series NAS Gateway Nh4a/Nh8a versions prior to FOS 5.5.3-08(NEC2.5.4a) and Nh4b/Nh8b, Nh4c/Nh8c versions prior to FOS 6.4.3-08(NEC3.4.2) allow remote authenticated attackers to execute arbitrary OS commands with root privileges via unspecified vectors. | 9.0 |
| 2021-06-22 | CVE-2021-20741 | Cross-Site Scripting vulnerability in Hitachi Application Server V10 Manual 101101 Cross-site scripting vulnerability in Hitachi Application Server Help (Hitachi Application Server V10 Manual (Windows) version 10-11-01 and earlier and Hitachi Application Server V10 Manual (UNIX) version 10-11-01 and earlier) allows a remote attacker to inject an arbitrary script via unspecified vectors. | 4.3 |
| 2021-06-09 | CVE-2021-3196 | Improper Verification of Cryptographic Signature vulnerability in Hitachi ID Bravura Security Fabric 12.1.0 An issue was discovered in Hitachi ID Bravura Security Fabric 11.0.0 through 11.1.3, 12.0.0 through 12.0.2, and 12.1.0. | 6.5 |
| 2021-01-29 | CVE-2020-24670 | Cross-Site Scripting vulnerability in Hitachi Vantara Pentaho 7.0.0/8.0.0 The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. | 3.5 |
| 2021-01-29 | CVE-2020-24669 | Cross-Site Scripting vulnerability in Hitachi Vantara Pentaho The New Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a DOM-based Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. | 3.5 |
| 2021-01-29 | CVE-2020-24666 | Cross-Site Scripting vulnerability in Hitachi Vantara Pentaho The Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a stored Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. | 3.5 |
| 2021-01-29 | CVE-2020-24665 | XML Entity Expansion vulnerability in Hitachi Vantara Pentaho 7.0.0/8.0.0 The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains an XML Entity Expansion injection vulnerability, which allows an authenticated remote users to trigger a denial of service (DoS) condition. | 4.0 |
| 2021-01-29 | CVE-2020-24664 | Cross-Site Scripting vulnerability in Hitachi Vantara Pentaho 7.0.0/8.0.0 The dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. | 3.5 |
| 2020-02-14 | CVE-2018-21033 | Improper Input Validation vulnerability in Hitachi products A vulnerability in Hitachi Command Suite prior to 8.6.2-00, Hitachi Automation Director prior to 8.6.2-00 and Hitachi Infrastructure Analytics Advisor prior to 4.2.0-00 allow authenticated remote users to load an arbitrary Cascading Style Sheets (CSS) token sequence. | 4.0 |
| 2020-02-14 | CVE-2018-21032 | Information Exposure Through AN Error Message vulnerability in Hitachi products A vulnerability in Hitachi Command Suite prior to 8.7.1-00 and Hitachi Automation Director prior to 8.5.0-00 allow authenticated remote users to expose technical information through error messages. | 4.0 |