Vulnerabilities > Hitachi
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-02 | CVE-2021-45448 | Path Traversal vulnerability in Hitachi Vantara Pentaho 8.3.0.0/8.3.0.25/8.3.0.9 Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 using the Pentaho Analyzer plugin exposes a service endpoint for templates which allows a user-supplied path to access resources that are out of bounds. The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. | 6.5 |
| 2022-11-02 | CVE-2021-45446 | Improper Preservation of Permissions vulnerability in Hitachi Vantara Pentaho 8.3.0.0/8.3.0.25/8.3.0.9 A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 does not cascade the hidden property to the children of the Home folder. This directory listing provides an attacker with the complete index of all the resources located inside the directory. | 7.5 |
| 2022-11-02 | CVE-2021-45447 | Cleartext Transmission of Sensitive Information vulnerability in Hitachi Vantara Pentaho 8.3.0.0/8.3.0.25/8.3.0.9 Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.2 and 8.3.0.25 with the Data Lineage feature enabled transmits database passwords in clear text. The transmission of sensitive data in clear text allows unauthorized actors with access to the network to sniff and obtain sensitive information that can be later used to gain unauthorized access. | 7.5 |
| 2022-11-01 | CVE-2020-36605 | Incorrect Default Permissions vulnerability in Hitachi products Incorrect Default Permissions vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00; Hitachi Ops Center Viewpoint: from 10.8.0-00 before 10.9.0-00. | 4.4 |
| 2022-11-01 | CVE-2022-3191 | Information Exposure Through Log Files vulnerability in Hitachi OPS Center Analyzer Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Analyzer on Linux (Virtual Strage Software Agent component) allows local users to gain sensitive information. This issue affects Hitachi Ops Center Analyzer: from 10.8.1-00 before 10.9.0-00 | 5.5 |
| 2022-11-01 | CVE-2022-41552 | Server-Side Request Forgery (SSRF) vulnerability in Hitachi products Server-Side Request Forgery (SSRF) vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Data Center Analytics, Analytics probe components), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe components) allows Server Side Request Forgery. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00. | 9.8 |
| 2022-11-01 | CVE-2022-41553 | Information Exposure Through Log Files vulnerability in Hitachi products Insertion of Sensitive Information into Temporary File vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer probe component) allows local users to gain sensitive information. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00. | 5.5 |
| 2022-10-06 | CVE-2022-2637 | Improper Privilege Management vulnerability in Hitachi Storage Plug-In 04.8.0 Incorrect Privilege Assignment vulnerability in Hitachi Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation.This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.0. | 8.8 |
| 2022-09-06 | CVE-2022-34882 | Information Exposure Through an Error Message vulnerability in Hitachi Raid Manager Storage Replication Adapter Information Exposure Through an Error Message vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to gain sensitive information. | 6.5 |
| 2022-09-06 | CVE-2022-34883 | OS Command Injection vulnerability in Hitachi Raid Manager Storage Replication Adapter OS Command Injection vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to execute arbitrary OS commands. | 8.8 |