Vulnerabilities > Hitachi

DATE CVE VULNERABILITY TITLE RISK
2023-04-03 CVE-2022-4771 Cross-site Scripting vulnerability in Hitachi Vantara Pentaho Business Analytics Server 9.4.0.0
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow a malicious URL to inject content into the Pentaho User Console through session variables. 
network
low complexity
hitachi CWE-79
6.1
6.1
2023-04-03 CVE-2022-43939 Unspecified vulnerability in Hitachi Vantara Pentaho Business Analytics Server 9.4.0.0
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be circumvented. 
network
low complexity
hitachi
critical
 9.8
9.8
2023-04-03 CVE-2022-43773 Incorrect Permission Assignment for Critical Resource vulnerability in Hitachi Vantara Pentaho Business Analytics Server 9.4.0.0
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x is installed with a sample HSQLDB data source configured with stored procedures enabled. 
network
low complexity
hitachi CWE-732
8.8
8.8
2023-04-03 CVE-2022-43769 Code Injection vulnerability in Hitachi Vantara Pentaho Business Analytics Server 9.4.0.0
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream. 
network
low complexity
hitachi CWE-94
7.2
7.2
2023-02-28 CVE-2020-36652 Incorrect Default Permissions vulnerability in Hitachi products
Incorrect Default Permissions vulnerability in Hitachi Automation Director on Linux, Hitachi Infrastructure Analytics Advisor on Linux (Hitachi Infrastructure Analytics Advisor, Analytics probe server components), Hitachi Ops Center Automator on Linux, Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer, Analyzer probe server components), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files. This issue affects Hitachi Automation Director: from 8.2.0-00 through 10.6.1-00; Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.0.0-00; Hitachi Ops Center Automator: before 10.9.1-00; Hitachi Ops Center Analyzer: before 10.9.1-00; Hitachi Ops Center Viewpoint: before 10.9.1-00.
local
low complexity
hitachi CWE-276
7.1
7.1
2023-02-28 CVE-2022-3884 Incorrect Default Permissions vulnerability in Hitachi OPS Center Analyzer 10.9.000
Incorrect Default Permissions vulnerability in Hitachi Ops Center Analyzer on Windows (Hitachi Ops Center Analyzer RAID Agent component) allows local users to read and write specific files.This issue affects Hitachi Ops Center Analyzer: from 10.9.0-00 before 10.9.0-01.
local
low complexity
hitachi CWE-276
7.1
7.1
2023-02-28 CVE-2022-4895 Improper Certificate Validation vulnerability in Hitachi products
Improper Certificate Validation vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component) allows Man in the Middle Attack.This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.1-00.
network
high complexity
hitachi CWE-295
8.1
8.1
2023-01-31 CVE-2022-4041 Improper Privilege Management vulnerability in Hitachi Storage Plug-In 04.8.0/04.9.0
Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.1.
network
low complexity
hitachi CWE-269
8.8
8.8
2023-01-31 CVE-2022-4441 Improper Privilege Management vulnerability in Hitachi Storage Plug-In 04.8.0/04.9.0
Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.9.0 before 04.9.1.
network
low complexity
hitachi CWE-269
8.8
8.8
2023-01-17 CVE-2020-36611 Incorrect Default Permissions vulnerability in Hitachi Tuning Manager
Incorrect Default Permissions vulnerability in Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS, Hitachi Tuning Manager - Agent for SAN Switch components) allows local users to read and write specific files.This issue affects Hitachi Tuning Manager: before 8.8.5-00.
local
low complexity
hitachi CWE-276
7.1
7.1