Vulnerabilities > Hitachi > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-18 | CVE-2022-4146 | Expression Language Injection vulnerability in Hitachi Replication Manager Expression Language Injection vulnerability in Hitachi Replication Manager on Windows, Linux, Solaris allows Code Injection.This issue affects Hitachi Replication Manager: before 8.8.5-02. | 9.8 |
| 2023-04-03 | CVE-2022-43939 | Unspecified vulnerability in Hitachi Vantara Pentaho Business Analytics Server 9.4.0.0 Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be circumvented. | 9.8 |
| 2022-11-01 | CVE-2022-41552 | Server-Side Request Forgery (SSRF) vulnerability in Hitachi products Server-Side Request Forgery (SSRF) vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Data Center Analytics, Analytics probe components), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe components) allows Server Side Request Forgery. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00. | 9.8 |
| 2021-10-12 | CVE-2021-29644 | Integer Overflow or Wraparound vulnerability in Hitachi products Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 contains a remote code execution vulnerability because of an Integer Overflow. | 10.0 |
| 2021-06-28 | CVE-2021-20740 | OS Command Injection vulnerability in multiple products Hitachi Virtual File Platform Versions prior to 5.5.3-09 and Versions prior to 6.4.3-09, and NEC Storage M Series NAS Gateway Nh4a/Nh8a versions prior to FOS 5.5.3-08(NEC2.5.4a) and Nh4b/Nh8b, Nh4c/Nh8c versions prior to FOS 6.4.3-08(NEC3.4.2) allow remote authenticated attackers to execute arbitrary OS commands with root privileges via unspecified vectors. | 9.0 |
| 2013-07-31 | CVE-2013-4697 | Unspecified vulnerability in Hitachi products Multiple unspecified vulnerabilities in Hitachi JP1/IT Desktop Management - Manager 09-50 through 09-50-03, 09-51 through 09-51-05, 10-00 through 10-00-02, and 10-01 through 10-01-02; Hitachi Job Management Partner 1/IT Desktop Management - Manager 09-50 through 09-50-03 and 10-01; and Hitachi IT Operations Director 02-50 through 02-50-07, 03-00 through 03-00-12, and 04-00 through 04-00-01 allow remote authenticated users to gain privileges via unknown vectors. | 9.0 |
| 2012-08-13 | CVE-2012-4274 | Unspecified vulnerability in Hitachi Cobol GUI Option and Cobol GUI Option Server Unspecified vulnerability in Hitachi Cobol GUI Option 06-00, 06-01 through 06-01-/A, 07-00, 07-01 before 07-01-/B, and 08-00 before 08-00-/B and Cobol GUI Option Server 07-00, 07-01 before 07-01-/B, and 08-00 before 08-00-/B allows remote attackers to execute arbitrary code via unknown attack vectors. | 10.0 |
| 2012-01-24 | CVE-2012-0918 | Remote Code Execution vulnerability in Hitachi products Unspecified vulnerability in Hitachi COBOL2002 Net Developer, Net Server Suite, and Net Client Suite 01-00, 01-01 through 01-01-/D, 01-02 through 01-02-/F, 01-03 through 01-03-/F, 02-00 through 02-00-/D, 02-01 through 02-01-/C, and possibly other versions before 02-01-/D allows remote attackers to execute arbitrary code via unknown attack vectors. | 10.0 |
| 2011-03-23 | CVE-2010-4773 | Remote Security vulnerability in Hitachi products Unspecified vulnerability in Hitachi EUR Form Client before 05-10 -/D 2010.11.15 and 05-10-CA (* 2) 2010.11.15; Hitachi EUR Form Service before 05-10 -/D 2010.11.15; and uCosminexus EUR Form Service before 07-60 -/D 2010.11.15 on Windows, before 05-10 -/D 2010.11.15 and 07-50 -/D 2010.11.15 on Linux, and before 07-50 -/C 2010.11.15 on AIX; allows remote attackers to execute arbitrary code via unknown attack vectors. | 10.0 |
| 2010-04-21 | CVE-2009-4776 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Hitachi products Buffer overflow in Hitachi Cosminexus V4 through V8, Processing Kit for XML, and Developer's Kit for Java, as used in products such as uCosminexus, Electronic Form Workflow, Groupmax, and IBM XL C/C++ Enterprise Edition 7 and 8, allows remote attackers to have an unknown impact via vectors related to the use of GIF image processing APIs by a Java application, and a different issue from CVE-2007-3794. | 9.3 |