Vulnerabilities > Hitachi

DATE CVE VULNERABILITY TITLE RISK
2021-06-28 CVE-2021-20740 OS Command Injection vulnerability in multiple products
Hitachi Virtual File Platform Versions prior to 5.5.3-09 and Versions prior to 6.4.3-09, and NEC Storage M Series NAS Gateway Nh4a/Nh8a versions prior to FOS 5.5.3-08(NEC2.5.4a) and Nh4b/Nh8b, Nh4c/Nh8c versions prior to FOS 6.4.3-08(NEC3.4.2) allow remote authenticated attackers to execute arbitrary OS commands with root privileges via unspecified vectors.
network
low complexity
hitachi nec CWE-78
8.8
8.8
2021-06-22 CVE-2021-20741 Cross-site Scripting vulnerability in Hitachi Application Server V10 Manual 101101
Cross-site scripting vulnerability in Hitachi Application Server Help (Hitachi Application Server V10 Manual (Windows) version 10-11-01 and earlier and Hitachi Application Server V10 Manual (UNIX) version 10-11-01 and earlier) allows a remote attacker to inject an arbitrary script via unspecified vectors.
network
low complexity
hitachi CWE-79
6.1
6.1
2021-06-09 CVE-2021-3196 Improper Verification of Cryptographic Signature vulnerability in Hitachi ID Bravura Security Fabric 12.1.0
An issue was discovered in Hitachi ID Bravura Security Fabric 11.0.0 through 11.1.3, 12.0.0 through 12.0.2, and 12.1.0.
network
low complexity
hitachi CWE-347
8.8
8.8
2021-01-29 CVE-2020-24670 Cross-site Scripting vulnerability in Hitachi Vantara Pentaho 7.0.0/8.0.0
The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code.
network
low complexity
hitachi CWE-79
5.4
5.4
2021-01-29 CVE-2020-24669 Cross-site Scripting vulnerability in Hitachi Vantara Pentaho
The New Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a DOM-based Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code.
network
low complexity
hitachi CWE-79
5.4
5.4
2021-01-29 CVE-2020-24666 Cross-site Scripting vulnerability in Hitachi Vantara Pentaho
The Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a stored Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code.
network
low complexity
hitachi CWE-79
5.4
5.4
2021-01-29 CVE-2020-24665 XML Entity Expansion vulnerability in Hitachi Vantara Pentaho 7.0.0/8.0.0
The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains an XML Entity Expansion injection vulnerability, which allows an authenticated remote users to trigger a denial of service (DoS) condition.
network
low complexity
hitachi CWE-776
6.5
6.5
2021-01-29 CVE-2020-24664 Cross-site Scripting vulnerability in Hitachi Vantara Pentaho 7.0.0/8.0.0
The dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code.
network
low complexity
hitachi CWE-79
5.4
5.4
2020-02-14 CVE-2018-21033 Improper Input Validation vulnerability in Hitachi products
A vulnerability in Hitachi Command Suite prior to 8.6.2-00, Hitachi Automation Director prior to 8.6.2-00 and Hitachi Infrastructure Analytics Advisor prior to 4.2.0-00 allow authenticated remote users to load an arbitrary Cascading Style Sheets (CSS) token sequence.
network
low complexity
hitachi CWE-20
6.5
6.5
2020-02-14 CVE-2018-21032 Information Exposure Through an Error Message vulnerability in Hitachi products
A vulnerability in Hitachi Command Suite prior to 8.7.1-00 and Hitachi Automation Director prior to 8.5.0-00 allow authenticated remote users to expose technical information through error messages.
network
low complexity
hitachi CWE-209
4.3
4.3