Vulnerabilities > Hitachi > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-12-11 CVE-2023-6538 Unspecified vulnerability in Hitachi System Management Unit Firmware
SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation.
network
low complexity
hitachi
6.5
2023-12-05 CVE-2023-5808 Improper Authentication vulnerability in Hitachi Vantara Hitachi Network Attached Storage
SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation.
network
low complexity
hitachi CWE-287
6.5
2023-10-03 CVE-2023-3335 Information Exposure Through Log Files vulnerability in Hitachi OPS Center Administrator
Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Administrator on Linux allows local users  to gain sensitive information.This issue affects Hitachi Ops Center Administrator: before 10.9.3-00.
local
low complexity
hitachi CWE-532
5.5
2023-08-23 CVE-2023-39986 Out-of-bounds Read vulnerability in Hitachi Eh-View
** UNSUPPORTED WHEN ASSIGNED ** Out-of-bounds Read vulnerability in Hitachi EH-VIEW (Designer) allows local attackers to potentially disclose information on affected EH-VIEW installations.
local
low complexity
hitachi CWE-125
5.5
2023-05-24 CVE-2023-1158 Incorrect Authorization vulnerability in Hitachi products
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x expose dashboard prompts to users who are not part of the authorization list. 
network
low complexity
hitachi CWE-863
4.3
2023-05-23 CVE-2023-30469 Cross-site Scripting vulnerability in Hitachi OPS Center Analyzer 10.9.100
Cross-site Scripting vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component) allows Reflected XSS.This issue affects Hitachi Ops Center Analyzer: from 10.9.1-00 before 10.9.2-00.
network
low complexity
hitachi CWE-79
6.1
2023-04-03 CVE-2022-3960 Code Injection vulnerability in Hitachi Vantara Pentaho Business Analytics Server 9.4.0.0
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of the Community Dashboard Editor (CDE) plugin. 
network
low complexity
hitachi CWE-94
6.3
2023-04-03 CVE-2022-43771 Path Traversal vulnerability in Hitachi Vantara Pentaho Business Analytics Server
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x, using the Pentaho Data Access plugin exposes a service endpoint for CSV import which allows a user supplied path to access resources that are out of bounds.
network
low complexity
hitachi CWE-22
6.5
2023-04-03 CVE-2022-43772 Information Exposure Through Log Files vulnerability in Hitachi Vantara Pentaho Business Analytics Server
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x with the Big Data Plugin expose the username and password of clusters in clear text into system logs. 
network
low complexity
hitachi CWE-532
6.5
2023-04-03 CVE-2022-43941 XXE vulnerability in Hitachi Vantara Pentaho Business Analytics Server 9.4.0.0
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity Reference. 
network
low complexity
hitachi CWE-611
6.5