MidnightBSD

Advisories for hitachi

CVE-2003-0564 MEDIUM

Multiple vulnerabilities in multiple vendor implementations of the Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol allow remote attackers to cause a denial of service and possibly execute arbitrary code via an S/MIME email message containing certain unexpected ASN.1 constructs, as demonstrated using the NISSC test suite.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hitachi pki_runtime_library *
hitachi groupmax_mail_-_security_option 6.0
CVE-2004-0928 MEDIUM

The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm".

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hitachi cosminexus_enterprise 01_02_2
hitachi cosminexus_server web_01-01_1
macromedia coldfusion 6.1
macromedia jrun 4.0
macromedia coldfusion 6.0
hitachi cosminexus_enterprise 01_01_1
hitachi cosminexus_server web_01-01_2
macromedia jrun 3.1
macromedia jrun 3.0
CVE-2004-1478 HIGH

JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user's HTTP session.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hitachi cosminexus_enterprise 01_02_2
hitachi cosminexus_server web_01-01_1
macromedia coldfusion 6.1
macromedia jrun 4.0
macromedia coldfusion 6.0
hitachi cosminexus_enterprise 01_01_1
hitachi cosminexus_server web_01-01_2
macromedia jrun 3.1
macromedia jrun 3.0
CVE-2004-2420 MEDIUM

Hitachi Job Management Partner (JP1) JP1/File Transmission Server/FTP 6 and 7 allows remote attackers to cause a denial of service (daemon halt) via a port scan involving reset packets.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hitachi jp1_p-1j41-9471 07_00
hitachi jp1_p-1j41-9471 07_10_a
hitachi jp1_p-1b41-9461 06_00_h
hitachi jp1_p-1b41-9471 07_10_a
hitachi jp1_p-1b41-9471 07_10
hitachi jp1_p-1b41-9461 06_01_d
hitachi jp1_p-1b41-9471 07_00_a
hitachi jp1_p-1j41-9471 07_10
hitachi jp1_p-1b41-9461 06_02-b
hitachi jp1_p-1b41-9461 06_02_c
CVE-2004-2421 HIGH

Unknown vulnerability in Hitachi Job Management Partner (JP1) JP1/File Transmission Server/FTP 6 and 7, when running on HP-UX in trusted mode, allows attackers to bypass authentication and gain administrator rights.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hitachi jp1_p-1j41-9471 07_00
hitachi jp1_p-1j41-9471 07_10_a
hitachi jp1_p-1b41-9461 06_00_h
hitachi jp1_p-1b41-9471 07_10_a
hitachi jp1_p-1b41-9471 07_10
hitachi jp1_p-1b41-9461 06_01_d
hitachi jp1_p-1b41-9471 07_00_a
hitachi jp1_p-1j41-9471 07_10
hitachi jp1_p-1b41-9461 06_02-b
hitachi jp1_p-1b41-9461 06_02_c
CVE-2004-2492 MEDIUM

Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web (GmaxWWW) Desktop 5, 6, and Desktop for Jichitai 6, allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hitachi groupmax_world_wide_web_desktop 06_00
hitachi groupmax_world_wide_web_desktop 05_11_i
hitachi groupmax_world_wide_web_desktop 06_51
hitachi groupmax_world_wide_web_desktop 06_51_c
hitachi groupmax_world_wide_web_desktop 06_50_c
hitachi groupmax_world_wide_web_desktop 06_50_b
hitachi groupmax_world_wide_web_desktop 06_52_b
hitachi groupmax_world_wide_web_desktop 05_00
hitachi groupmax_world_wide_web_desktop 05_11_j
hitachi groupmax_world_wide_web_desktop 06_51_b
hitachi groupmax_world_wide_web_desktop 05_11_f
hitachi groupmax_world_wide_web_desktop 06_52
CVE-2004-2493 MEDIUM

Directory traversal vulnerability in Groupmax World Wide Web (GmaxWWW) 2 and 3, and Desktop 5, 6, and Desktop for Jichitai allows remote authenticated users to read arbitrary .html files via the template name parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hitachi groupmax_world_wide_web 02_31_i
hitachi groupmax_world_wide_web 3
hitachi groupmax_world_wide_web 02_20
hitachi groupmax_world_wide_web_desktop 06_00
hitachi groupmax_world_wide_web_desktop 06_51
hitachi groupmax_world_wide_web_desktop 06_51_c
hitachi groupmax_world_wide_web_desktop 6
hitachi groupmax_world_wide_web_desktop 06_50_b
hitachi groupmax_world_wide_web 02_00
hitachi groupmax_world_wide_web_desktop 05_11_j
hitachi groupmax_world_wide_web_desktop 06_51_b
hitachi groupmax_world_wide_web 03_10_h
hitachi groupmax_world_wide_web 2
hitachi groupmax_world_wide_web_desktop 05_11_f
hitachi groupmax_world_wide_web 03_00
hitachi groupmax_world_wide_web 02_20_a
hitachi groupmax_world_wide_web_desktop gold
hitachi groupmax_world_wide_web_desktop 05_11_i
hitachi groupmax_world_wide_web 03_11_b
hitachi groupmax_world_wide_web_desktop 06_50_c
hitachi groupmax_world_wide_web_desktop 06_52_b
hitachi groupmax_world_wide_web_desktop 05_00
hitachi groupmax_world_wide_web_desktop 5
hitachi groupmax_world_wide_web_desktop 06_52
CVE-2004-2497 MEDIUM

Cross-site scripting (XSS) vulnerability in the error handler in Hitachi Web Page Generator and Web Page Generator Enterprise 4.01 and earlier, when using the default error template and debug mode is set to ON, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hitachi web_page_generator_enterprise 03_02_c
hitachi web_page_generator_enterprise 04_00
hitachi web_page_generator_enterprise 04_01_b
hitachi web_page_generator 01_01_c
hitachi web_page_generator 02_00
hitachi web_page_generator_enterprise 03_00
hitachi web_page_generator 01_00
hitachi web_page_generator 02_00_c
hitachi web_page_generator_enterprise 04_00_c
hitachi web_page_generator_enterprise 03_03_c
hitachi web_page_generator_enterprise 03_03
hitachi web_page_generator_enterprise 04_01
hitachi web_page_generator_enterprise 03_03_d
CVE-2005-0356 MEDIUM

Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cisco secure_access_control_server 3.2(1)
cisco ciscoworks_common_management_foundation 2.1
cisco sn_5428_storage_router 3.3.2-k9
cisco call_manager 3.1(3a)
cisco sn_5420_storage_router_firmware 1.1(4)
f5 tmos 9.0.5
cisco webns 7.20_(03.09)s
alaxala alaxala_networks ax7800r
yamaha rtx1500 *
freebsd freebsd 2.2.8
freebsd freebsd 4.2
microsoft windows_2003_server standard
freebsd freebsd 4.0
freebsd freebsd 3.2
hitachi gr3000 *
f5 tmos 9.0.1
cisco secure_access_control_server 3.3.1
cisco secure_access_control_server 2.6.3
cisco content_services_switch_11500 *
cisco secure_access_control_server 3.2.2
cisco support_tools *
nortel 7220_wlan_access_point *
cisco sn_5428_storage_router 2-3.3.2-k9
f5 tmos 4.5.12
cisco ciscoworks_vpn_security_management_solution *
cisco call_manager 1.0
cisco ciscoworks_1105_hosting_solution_engine *
freebsd freebsd 2.1.0
cisco content_services_switch_11501 *
f5 tmos 4.0
f5 tmos 4.6.2
f5 tmos 4.5
freebsd freebsd 2.2
cisco secure_access_control_server 2.1
cisco ciscoworks_cd1 1st
freebsd freebsd 3.4
freebsd freebsd 4.1.1
nortel universal_signaling_point 5200
freebsd freebsd 2.0.5
openbsd openbsd 3.3
freebsd freebsd 5.2.1
nortel universal_signaling_point compact_lite
cisco aironet_ap350 *
cisco sn_5428_storage_router 3.3.1-k9
cisco intelligent_contact_manager 5.0
cisco conference_connection 1.2
nortel business_communications_manager 1000
cisco secure_access_control_server 2.6.4
cisco web_collaboration_option *
cisco secure_access_control_server 3.3(1)
nortel business_communications_manager 400
cisco personal_assistant 1.3(4)
cisco ciscoworks_lms 1.3
microsoft windows_2000 *
yamaha rtv700 *
cisco call_manager 3.1(2)
cisco secure_access_control_server 3.2(2)
cisco personal_assistant 1.4(1)
cisco e-mail_manager *
nortel succession_communication_server_1000 *
openbsd openbsd 3.2
cisco webns 7.10_(05.07)s
cisco secure_access_control_server 2.0
nortel survivable_remote_gateway 1.0
f5 tmos 4.3
cisco secure_access_control_server 3.3
openbsd openbsd 3.1
cisco unity_server 2.3
freebsd freebsd 3.1
freebsd freebsd 3.5.1
cisco aironet_ap1200 *
cisco sn_5428_storage_router 2.5.1-k9
microsoft windows_2003_server standard_64-bit
cisco content_services_switch_11150 *
freebsd freebsd 2.2.3
f5 tmos 4.5.9
cisco ip_contact_center_express *
cisco mgx_8230 1.2.11
hitachi gs4000 *
cisco content_services_switch_11503 *
f5 tmos 9.0
freebsd freebsd 5.0
cisco ciscoworks_cd1 4th
f5 tmos 4.5.11
yamaha rt105 *
cisco unity_server 2.4
cisco call_manager 4.0
cisco personal_assistant 1.4(2)
cisco sn_5420_storage_router_firmware 1.1(7)
nortel callpilot 201i
nortel business_communications_manager 200
cisco ciscoworks_common_management_foundation 2.0
cisco secure_access_control_server 2.3.5.1
freebsd freebsd 3.0
cisco call_manager 3.2
nortel callpilot 703t
cisco secure_access_control_server 3.2(3)
cisco ciscoworks_cd1 5th
microsoft windows_2003_server web
cisco unity_server 4.0
alaxala alaxala_networks ax5400s
nortel callpilot 200i
hitachi gr4000 *
cisco call_manager 2.0
cisco secure_access_control_server 3.1.1
cisco ciscoworks_access_control_list_manager 1.5
cisco webns 7.20_(03.10)s
cisco ciscoworks_common_management_foundation 2.2
cisco ciscoworks_cd1 3rd
cisco secure_access_control_server 3.3.2
f5 tmos 9.0.3
f5 tmos 9.0.4
freebsd freebsd 2.0
cisco unity_server 3.1
cisco sn_5420_storage_router_firmware 1.1(2)
cisco webns 7.30_(00.08)s
yamaha rtx1100 *
freebsd freebsd 5.1
cisco conference_connection 1.1(1)
f5 tmos 4.6
yamaha rt57i *
cisco sn_5420_storage_router *
freebsd freebsd 2.1.6
nortel callpilot 702t
freebsd freebsd 2.1.5
cisco unity_server 2.0
cisco mgx_8230 1.2.10
cisco personal_assistant 1.3(3)
yamaha rtx2000 *
freebsd freebsd 5.4
freebsd freebsd 4.7
cisco unity_server 3.0
microsoft windows_xp *
cisco ciscoworks_cd1 2nd
freebsd freebsd 1.1.5.1
cisco secure_access_control_server 3.1
cisco content_services_switch_11000 *
freebsd freebsd 2.2.6
cisco secure_access_control_server 2.6.2
cisco content_services_switch_11050 *
freebsd freebsd 2.1.6.1
cisco meetingplace *
cisco sn_5420_storage_router_firmware 1.1.3
microsoft windows_2003_server r2
freebsd freebsd 4.8
freebsd freebsd 5.3
freebsd freebsd 2.1.7.1
cisco remote_monitoring_suite_option *
nortel 7250_wlan_access_point *
cisco secure_access_control_server 3.2.1
freebsd freebsd 3.3
freebsd freebsd 4.9
cisco ciscoworks_windows *
cisco webns 7.30_(00.09)s
freebsd freebsd 5.2
freebsd freebsd 4.4
cisco interactive_voice_response *
nortel ethernet_routing_switch_1624 *
nortel contact_center *
openbsd openbsd 3.4
freebsd freebsd 3.5
cisco secure_access_control_server 2.5
cisco sn_5428_storage_router 3.2.1-k9
alaxala alaxala_networks ax7800s
cisco ciscoworks_common_services 2.2
freebsd freebsd 4.3
f5 tmos 4.4
freebsd freebsd 4.6
cisco emergency_responder 1.1
cisco personal_assistant 1.3(1)
cisco unity_server 2.2
cisco secure_access_control_server 3.0.1
cisco sn_5420_storage_router_firmware 1.1(5)
cisco sn_5428_storage_router 3.2.2-k9
cisco call_manager 3.3(3)
yamaha rt300i *
cisco secure_access_control_server 3.0.3
cisco ciscoworks_access_control_list_manager 1.6
cisco call_manager 3.1
freebsd freebsd 4.10
cisco ip_contact_center_enterprise *
cisco ciscoworks_windows_wug *
f5 tmos 4.5.6
freebsd freebsd 2.2.2
freebsd freebsd 4.11
hitachi alaxala ax
f5 tmos 4.5.10
cisco mgx_8250 1.2.11
cisco secure_access_control_server 2.3.6.1
f5 tmos 4.2
cisco unity_server 2.1
f5 tmos 9.0.2
freebsd freebsd 4.1
openbsd openbsd 3.0
cisco sn_5428_storage_router 2-3.3.1-k9
openbsd openbsd 3.6
cisco secure_access_control_server 3.0
nortel ethernet_routing_switch_1648 *
microsoft windows_2003_server enterprise_64-bit
cisco unity_server 3.2
openbsd openbsd 3.5
cisco secure_access_control_server 3.2
microsoft windows_2003_server enterprise
yamaha rt250i *
cisco secure_access_control_server 2.3
cisco call_manager 3.3
yamaha rtx1000 *
cisco personal_assistant 1.3(2)
freebsd freebsd 4.6.2
cisco content_services_switch_11800 *
nortel ethernet_routing_switch_1612 *
cisco secure_access_control_server 2.6
cisco unity_server 2.46
nortel optical_metro_5100 *
freebsd freebsd 4.5
cisco secure_access_control_server 2.42
cisco secure_access_control_server 3.2(1.20)
cisco content_services_switch_11506 *
cisco sn_5420_storage_router_firmware 1.1(3)
cisco secure_access_control_server 2.4
nortel optical_metro_5000 *
freebsd freebsd 2.2.5
cisco ciscoworks_1105_wireless_lan_solution_engine *
cisco unity_server 3.3
cisco mgx_8250 1.2.10
cisco call_manager 3.0
cisco agent_desktop *
freebsd freebsd 2.2.4
nortel optical_metro_5200 *
CVE-2005-3164 LOW

The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hitachi cosminexus_application_server 05_00_05_05_f
hitachi cosminexus_application_server 05_00_05_05_h
apache tomcat *
hitachi cosminexus_application_server 05_00_05_05_e
hitachi cosminexus_application_server 05_00_05_05_k
CVE-2005-3719 MEDIUM

Hitachi IP5000 VOIP WIFI Phone 1.5.6 has a hard-coded administrator password of "0000", which allows attackers with physical access to obtain sensitive information and modify the phone's configuration.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hitachi ip5000_voip_wifi_phone 1.5.6
CVE-2005-3720 MEDIUM

The default index page in the HTTP server in Hitachi IP5000 VOIP WIFI Phone 1.5.6 lists sensitive information such as software versions.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hitachi ip5000_voip_wifi_phone 1.5.6
CVE-2005-3721 MEDIUM

The default configuration of the HTTP server in Hitachi IP5000 VOIP WIFI Phone 1.5.6 does not require authentication for sensitive configuration pages, which allows remote attackers to modify configuration.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hitachi ip5000_voip_wifi_phone 1.5.4
hitachi ip5000_voip_wifi_phone 1.5.8
hitachi ip5000_voip_wifi_phone 1.5.2
hitachi ip5000_voip_wifi_phone 1.5.6
hitachi ip5000_voip_wifi_phone 1.5.0
hitachi ip5000_voip_wifi_phone 1.5.10
hitachi ip5000_voip_wifi_phone 1.5.5
CVE-2005-3722 HIGH

The SNMP v1/v2c daemon in Hitachi IP5000 VOIP WIFI Phone 1.5.6 allows remote attackers to gain read or write access to system configuration using arbitrary SNMP credentials.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hitachi ip5000_voip_wifi_phone 1.5.4
hitachi ip5000_voip_wifi_phone 1.5.8
hitachi ip5000_voip_wifi_phone 2.0.0
hitachi ip5000_voip_wifi_phone 1.5.2
hitachi ip5000_voip_wifi_phone 1.5.6
hitachi ip5000_voip_wifi_phone 1.5.0
hitachi ip5000_voip_wifi_phone 1.5.10
hitachi ip5000_voip_wifi_phone 1.5.5
CVE-2005-3723 HIGH

Hitachi IP5000 VOIP WIFI Phone 1.5.6 does not allow the user to disable access to (1) SNMP or (2) TCP port 3390, which allows remote attackers to modify configuration using CVE-2005-3722, or access the Unidata Shell to obtain sensitive information or cause a denial of service.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hitachi ip5000_voip_wifi_phone 1.5.6
CVE-2005-4322 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Hitachi Cosminexus Collaboration Portal 06-00 through 06-10-/B, Groupmax Collaboration Portal 07-00 through 07-10-/B, and Groupmax Collaboration Web Client 07-00 through 07-10-/A allow remote attackers to inject arbitrary web script or HTML via the (1) Schedule and (2) Calendar components.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hitachi groupmax_collaboration_portal 07_00
hitachi groupmax_collaboration_web_client *
hitachi cosminexus_collaboration_portal *
hitachi cosminexus_collaboration_portal 06_00
hitachi groupmax_collaboration_web_client 07_00
hitachi groupmax_collaboration_portal *
CVE-2005-4323 HIGH

Unspecified vulnerability in Hitachi Cosminexus Collaboration Portal 06-00 through 06-10-/B, Groupmax Collaboration Portal 07-00 through 07-10-/B, and Groupmax Collaboration Web Client 07-00 through 07-10-/A allow remote attackers to cause a denial of service of unspecified impact via repeated invalid requests to the Schedule component.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hitachi groupmax_collaboration_portal 07_00
hitachi groupmax_collaboration_web_client *
hitachi cosminexus_collaboration_portal *
hitachi cosminexus_collaboration_portal 06_00
hitachi groupmax_collaboration_web_client 07_00
hitachi groupmax_collaboration_portal *
CVE-2005-4324 HIGH

Hitachi Groupmax Mail SMTP 06-50 through 06-52-/A and 07-00 through 07-20 allows remote attackers to cause a denial of service (service stop) via an e-mail message with an "invalid format."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hitachi groupmax_mail_smtp 07_00
hitachi groupmax_mail_smtp 06_50
hitachi groupmax_mail_smtp *
CVE-2005-4577 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Hitachi Business Logic - Container (BLC) P-2443-9114 01-00 through 02-06 on Windows, and P-1M43-9111 01-01 through 02-00 on AIX, allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in an unspecified input form.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hitachi business_logic 1.0
hitachi business_logic 1.1
hitachi business_logic 2.0.6
hitachi business_logic 2.0
CVE-2005-4578 HIGH

Multiple SQL injection vulnerabilities in Hitachi Business Logic - Container (BLC) P-2443-9114 01-00 through 02-06 on Windows, and P-1M43-9111 01-01 through 02-00 on AIX, allow remote attackers to execute arbitrary SQL commands via unknown attack vectors in an unspecified input form.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hitachi business_logic 1.0
hitachi business_logic 1.1
hitachi business_logic 2.0.6
hitachi business_logic 2.0
CVE-2005-4579 MEDIUM

Multiple HTTP response splitting vulnerabilities in Hitachi Business Logic - Container (BLC) P-2443-9114 01-00 through 02-06 on Windows, and P-1M43-9111 01-01 through 02-00 on AIX, allow remote attackers to inject arbitrary HTTP headers via unknown attack vectors in an unspecified input form.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hitachi business_logic 1.0
hitachi business_logic 1.1
hitachi business_logic 2.0.6
hitachi business_logic 2.0
CVE-2005-4793 HIGH

Multiple unspecified vulnerabilities in the web utility function in Hitachi Cm2/Network Node Manager and JP1/Cm2/Network Node Manager before 20050930 allow attackers to execute arbitrary commands, disable services, and "exploit vulnerabilities."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hitachi cm2-network_node_manager unlimited
hitachi jp1-cm2-network_node_manager_250 05_20
hitachi jp1-cm2-network_node_manager_250 06_00
hitachi cm2-network_node_manager 05_00
hitachi jp1-cm2-network_node_manager_250 05_20_e
hitachi cm2-network_node_manager 250
CVE-2006-0329 HIGH

SQL injection vulnerability in HITSENSER Data Mart Server BS, BS-S, BS-M, BS-L, and EX allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hitachi hitsenser_data_mart_server bs_l
hitachi hitsenser_data_mart_server ex
hitachi hitsenser_data_mart_server bs
hitachi hitsenser_data_mart_server bs_m
hitachi hitsenser_data_mart_server bs_s
CVE-2006-0343 MEDIUM

Unspecified vulnerability in the Port Discovery Standard and Advanced features in Hitachi JP1/NetInsight II allows attackers to stop the Port Discovery service via unknown vectors involving "invalid format data".

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hitachi jpi_netsight_ii_port_discovery_standard r_15237_9164_07_02
hitachi jpi_netsight_ii_port_discovery_standard r_15237_9164_07_06
hitachi jpi_netsight_ii_port_discovery_standard r_15237_9164_07_07
hitachi jpi_netsight_ii_port_discovery_standard r_15237_9164_07_09
hitachi jpi_netsight_ii_port_discovery_standard r_15237_9164_07_00
hitachi jpi_netsight_ii_port_discovery_advance r_15237_9154_07_50
hitachi jpi_netsight_ii_port_discovery_standard r_15237_9164_07_04
hitachi jpi_netsight_ii_port_discovery_standard r_15237_9164_07_05
hitachi jpi_netsight_ii_port_discovery_standard r_15237_9164_07_01
hitachi jpi_netsight_ii_port_discovery_standard r_15237_9164_07_08
hitachi jpi_netsight_ii_port_discovery_standard r_15237_9164_07_10
hitachi jpi_netsight_ii_port_discovery_standard r_15237_9164_07_03
hitachi jpi_netsight_ii_port_discovery_standard r_15237_9164_07_11
CVE-2006-0772 HIGH

SQL injection vulnerability in Hitachi Business Logic - Container 02-03 through 03-00-/B on Windows, and 03-00 through 03-00-/B on Linux, allows remote attackers to execute arbitrary SQL commands via unspecified vectors in the extended receiving box function.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
hitachi business_logic 02_03
hitachi business_logic 03_00
hitachi business_logic *
CVE-2006-0773 MEDIUM

Cross-site scripting (XSS) vulnerability in Hitachi Business Logic - Container 02-03 through 03-00-/B on Windows, and 03-00 through 03-00-/B on Linux, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the extended receiving box function.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hitachi business_logic 02_03
hitachi business_logic 03_00
hitachi business_logic *
CVE-2006-1574 MEDIUM

Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web, World Wide Web Desktop, World Wide Web for Scheduler, and Desktop for Scheduler, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hitachi groupmax_world_wide_web_scheduler 3
hitachi groupmax_world_wide_web_desktop *
hitachi groupmax_world_wide_web 3
hitachi groupmax_world_wide_web_desktop 5
hitachi groupmax_world_wide_web_desktop_scheduler 5
hitachi groupmax_world_wide_web_scheduler 2
hitachi groupmax_world_wide_web 2
hitachi groupmax_world_wide_web_desktop 6
CVE-2006-1609 MEDIUM

Unspecified vulnerability in Hitachi XFIT/S, XFIT/S/JCA, XFIT/S/ZGN, and XFIT/S ZENGIN TCP/IP Procedure allows remote attackers to cause a denial of service (server process and transfer control process stop) when the products "receive data unexpectedly".

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hitachi xfit_s_zgin 0
hitachi xfit_s_zengin 0
hitachi xfit_s 0
hitachi xfit_s_jca 0
CVE-2006-2068 MEDIUM

Unspecified vulnerability in Hitachi JP1 products allow remote attackers to cause a denial of service (application stop or fail) via unexpected requests or data.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hitachi jpi_automatic_job_management_system_2 *
hitachi jpi_pfm_snmp_system_observer *
hitachi jpi_server_conductor_server_manager *
hitachi jpi_server_conductor_blade_server_manager *
hitachi jp1-cm2-network_node_manager_250 05_20
hitachi jpi_server_system_observer_-_report_feature *
hitachi jpi_performance_management *
hitachi jp1-cm2-network_node_manager_250 06_00
hitachi jpi_security_integrated_manager *
hitachi jp1-cm2-network_node_manager *
CVE-2006-2087 MEDIUM

The Gmax Mail client in Hitachi Groupmax before 20060426 allows remote attackers to cause a denial of service (application hang or erroneous behavior) via an attachment with an MS-DOS device filename.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hitachi groupmax_mail *
hitachi groupmax_world_wide_web_desktop *
hitachi groupmax_integrated_desktop *
hitachi groupmax_world_wide_web *
CVE-2006-2512 MEDIUM

SQL injection vulnerability in Hitachi EUR Professional Edition, EUR Viewer, EUR Print Service, and EUR Print Service for ILF allows remote authenticated users to execute arbitrary SQL commands via unknown attack vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hitachi eur_professional 05_06
hitachi eur_viewer 05_00
hitachi eur_print_service_for_ilf 05_06
hitachi eur_print_service 05_01
hitachi eur_viewer 05_06
hitachi eur_print_service 05_06
hitachi eur_professional 05_00
CVE-2006-2761 MEDIUM

SQL injection vulnerability in Hitachi HITSENSER3 HITSENSER3/PRP, HITSENSER3/PUP, HITSENSER3/STP, and HITSENSER3/EUP allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hitachi hitsenser3 stp
hitachi hitsenser3 eup
hitachi hitsenser3 *
hitachi hitsenser3 pup
hitachi hitsenser3 prp
CVE-2006-3214 MEDIUM

Unspecified vulnerability in Hitachi Groupmax Address Server 7 and earlier, and Groupmax Mail Server 7 and earlier allows remote attackers to cause a denial of service (product "stop") via unspecified vectors involving "unexpected requests".

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hitachi groupmax_address_server 5
hitachi groupmax_mail_server 6
hitachi groupmax_mail_server 3
hitachi groupmax_mail_server *
hitachi groupmax_address_server *
hitachi groupmax_address_server 2
hitachi groupmax_address_server 3
hitachi groupmax_mail_server 5
hitachi groupmax_address_server 6
hitachi groupmax_mail_server 2
CVE-2006-3574 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Hitachi Groupmax Collaboration Portal and Web Client before 07-20-/D, and uCosminexus Collaboration Portal and Forum/File Sharing before 06-20-/C, allow remote attackers to "execute malicious scripts" via unknown vectors (aka HS06-014-01).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hitachi groupmax_collaboration_portal 07_00
hitachi groupmax_collaboration_portal 7.2
hitachi groupmax_collaboration_web_client 7.2
hitachi groupmax_collaboration_web_client *
hitachi cosminexus_collaboration_portal *
hitachi cosminexus_collaboration_portal 06_00
hitachi groupmax_collaboration_web_client 07_00
hitachi groupmax_collaboration_portal *
hitachi cosminexus_collaboration_portal 6.2
CVE-2009-4776 HIGH

Buffer overflow in Hitachi Cosminexus V4 through V8, Processing Kit for XML, and Developer's Kit for Java, as used in products such as uCosminexus, Electronic Form Workflow, Groupmax, and IBM XL C/C++ Enterprise Edition 7 and 8, allows remote attackers to have an unknown impact via vectors related to the use of GIF image processing APIs by a Java application, and a different issue from CVE-2007-3794.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
hitachi processing_kit_for_xml 02-00
hitachi electronic_form_workflow-professional_library_set 07-20-/b
hitachi electronic_form_workflow-developer_client_set 07-20
hitachi cosminexus/opentp1_web_web_front-endset 02-00
hitachi ucosminexus_application_server 06-70f
hitachi ucosminexus_service_platform 07-00
hitachi groupmax_collaboration 07-35
hitachi cosminexus_client 06-50-/f
hitachi ucosminexus_collaboration 06-30-/f
hitachi ucosminexus_application_server 06-71
hitachi cosminexus_application_server 06-50-/f
hitachi cosminexus_application_server 05-01
hitachi ucosminexus_application_server 07-00
hitachi groupmax_collaboration 07-35-/f
hitachi ucosminexus_client 06-71-/f
hitachi ucosminexus_client 08-00
hitachi cosminexus_application_server 06-02
hitachi cosminexus_developer 05-05
hitachi processing_kit_for_xml 01-05-/a
hitachi processing_kit_for_xml 02-05
hitachi ucosminexus_developer 06-70
hitachi cosminexus_client 06-50
hitachi ucosminexus_application_server 06-70-/g
hitachi cosminexus_developer 05-00
hitachi ucosminexus_service_architect 8
hitachi electronic_form_workflow-developer_set 07-50-/d
hitachi ucosminexus_application_server 06-70-/e
hitachi electronic_form_workflow-standard_set 07-11-/c
hitachi ucosminexus_collaboration 06-20-/d
hitachi ucosminexus_developer 06-70-/f
hitachi processing_kit_for_xml 02-00-/c
hitachi electronic_form_workflow-standard_set 07-10
hitachi electronic_form_workflow-developer_set 07-60-/i
hitachi cosminexus_developer 05-00-/i
hitachi processing_kit_for_xml 01-05-/c
hitachi cosminexus_application_server 5
hitachi groupmax_collaboration 07-30
hitachi cosminexus_application_server 05-05
hitachi ucosminexus_client 06-71
hitachi cosminexus_application_server 06-02-/g
hitachi ucosminexus_application_server 06-72
hitachi cosminexus_client 06-51-/k
hitachi cosminexus_application_server 06-51-/k
hitachi ucosminexus_service_architect 07-00
hitachi cosminexus_studio 05-05
hitachi cosminexus_developer 6
hitachi ucosminexus_service_platform 08-00
hitachi ucosminexus_developer 06-71
hitachi developer's_kit_for_java *
hitachi electronic_form_workflow-developer_client_set 07-10
hitachi ucosminexus/opentp1_web_web_front-endset 02-70
hitachi ucosminexus_client 07-60
hitachi cosminexus/opentp1_web_web_front-endset 01-01
hitachi cosminexus_application_server 06-51
hitachi ucosminexus_application_server 06-70-/f
hitachi cosminexus_developer 06-51-/k
hitachi electronic_form_workflow-standard_set 06-70-/c
hitachi ucosminexus_application_server 7
hitachi ucosminexus_application_server 06-70-/a
hitachi electronic_form_workflow-developer_client_set 07-00
hitachi electronic_form_workflow-developer_client_set 07-11-/c
hitachi cosminexus_application_server 05-02-/e
hitachi electronic_form_workflow-standard_set 07-00
hitachi cosminexus_client 06-51
hitachi cosminexus_studio 04-01
hitachi ucosminexus_service_platform 07-60
hitachi cosminexus_studio 05-05-/p
hitachi cosminexus_studio 05-00-/i
hitachi cosminexus_application_server 05-05-/o
hitachi cosminexus_application_server 05-05-/i
hitachi groupmax_collaboration 07-20-/d
hitachi ibm_xl_c/c++_v8_for_aix_&_hitachi_developer's_kit_for_java 01-00
hitachi groupmax_collaboration 07-30-/f
hitachi electronic_form_workflow-standard_set 07-20
hitachi cosminexus_application_server 06-02-/d
hitachi cosminexus_studio 05-01-/l
hitachi ucosminexus_developer 08-00
hitachi ucosminexus_developer 07-60
hitachi cosminexus_application_server 06-50-/c
hitachi ucosminexus_client 8
hitachi processing_kit_for_xml 01-07-/a
hitachi processing_kit_for_xml 02-05-/c
hitachi cosminexus_application_server 05-02
hitachi ucosminexus_service_platform 7
hitachi ucosminexus_application_server 06-71-/g
hitachi cosminexus/opentp1_web_web_front-endset 01-00-/b
hitachi cosminexus_application_server 06-02-/f
hitachi cosminexus_application_server 06-50-/b
hitachi electronic_form_workflow-professional_library_set 07-20
hitachi ucosminexus_service_architect 07-60
hitachi ucosminexus_application_server 06-70-/l
hitachi processing_kit_for_xml 01-05
hitachi cosminexus_application_server 06-51-/b
hitachi cosminexus_application_server 06-00
hitachi ucosminexus_client 07-00
hitachi ucosminexus_operator 6.7
hitachi electronic_form_workflow-developer_client_set 06-70-/f
hitachi electronic_form_workflow-standard_set 07-00-/b
hitachi electronic_form_workflow-professional_set 07-50
hitachi electronic_form_workflow-professional_library_set 07-00-/c
hitachi cosminexus_application_server 05-01-/l
hitachi processing_kit_for_xml 01-07
hitachi cosminexus_developer 05-05-/p
hitachi electronic_form_workflow-professional_set 07-50-/d
hitachi ucosminexus_application_server 06-70-/n
hitachi cosminexus_application_server 06-00-/a
hitachi cosminexus_application_server 06-50
hitachi cosminexus_developer 05-01-/l
hitachi cosminexus_studio 04-01-/a
hitachi processing_kit_for_xml 01-05-/d
hitachi electronic_form_workflow-developer_client_set 06-70
hitachi ucosminexus_application_server 08-00
hitachi cosminexus_application_server 06-00-/e
hitachi ucosminexus_service_platform 07-10
hitachi electronic_form_workflow-developer_client_set 07-10-/a
hitachi electronic_form_workflow-professional_library_set 07-11-/c
hitachi cosminexus_application_server 05-00
hitachi processing_kit_for_xml 02-05-/a
hitachi cosminexus_developer 06-00
hitachi cosminexus_developer 06-51
hitachi ucosminexus_application_server 06-72-/d
hitachi ucosminexus_developer 8
hitachi ucosminexus_application_server 8
hitachi electronic_form_workflow_set 07-50-/d
hitachi processing_kit_for_xml 01-05-/b
hitachi electronic_form_workflow-professional_library_set 06-70
hitachi ucosminexus_collaboration 06-35-/f
hitachi ucosminexus_operator 07-00
hitachi ucosminexus_operator 8
hitachi cosminexus_application_server 6
hitachi cosminexus_application_server 06-00-/i
hitachi cosminexus_studio 05-01
hitachi cosminexus_client 06-00
hitachi ucosminexus_developer 7
hitachi ucosminexus_developer 06-71-/f
hitachi cosminexus_studio 04-00-/a
hitachi cosminexus_server 04-00
hitachi cosminexus/opentp1_web_web_front-endset 01-01-/c
hitachi cosminexus_client 06-02-/g
hitachi cosminexus/opentp1_web_web_front-endset 02-50
hitachi cosminexus_application_server 06-00-/b
hitachi ucosminexus_collaboration 06-30
hitachi ucosminexus_collaboration 06-20
hitachi electronic_form_workflow-professional_library_set 06-70-/c
hitachi electronic_form_workflow-developer_client_set 07-20-/b
hitachi cosminexus_client 06-00-/i
hitachi cosminexus/opentp1_web_web_front-endset 01-00
hitachi cosminexus_server 04-01
hitachi ibm_xl_c/c++_v7_for_aix_&_hitachi_developer's_kit_for_java 01-00
hitachi ucosminexus_service_architect 6.7
hitachi groupmax_collaboration 07-20
hitachi electronic_form_workflow_set 07-50
hitachi ucosminexus_developer 07-00
hitachi cosminexus_developer 06-02-/g
hitachi electronic_form_workflow-professional_library_set 07-00
hitachi cosminexus_application_server 06-50-/e
hitachi ucosminexus_service_architect 7
hitachi electronic_form_workflow-developer_client_set 07-11
hitachi ucosminexus_service_platform 8
hitachi cosminexus_developer 06-50-/f
hitachi ucosminexus/opentp1_web_web_front-endset 02-70-/a
hitachi cosminexus_application_server 06-51-/e
hitachi ucosminexus_application_server 6.7
hitachi electronic_form_workflow-professional_library_set 07-00-/b
hitachi electronic_form_workflow-standard_set 07-10-/a
hitachi electronic_form_workflow-developer_set 07-50
hitachi electronic_form_workflow-professional_library_set 07-10-/a
hitachi cosminexus_developer 05-01
hitachi electronic_form_workflow-developer_set 07-60
hitachi ucosminexus_service_platform 6.7
hitachi electronic_form_workflow-professional_library_set 07-10
hitachi processing_kit_for_xml 01-00
hitachi ucosminexus_application_server 06-70
hitachi ucosminexus_collaboration 06-35
hitachi processing_kit_for_xml 02-00-/b
hitachi cosminexus_application_server 05-00-/s
hitachi cosminexus_server 04-00-/a
hitachi cosminexus_developer 5
hitachi cosminexus_server 04-01-/a
hitachi ucosminexus_service_architect 08-00
hitachi electronic_form_workflow-professional_library_set 06-70-/f
hitachi ucosminexus_operator 7
hitachi electronic_form_workflow_set 07-60-/i
hitachi electronic_form_workflow-standard_set 07-00-/c
hitachi cosminexus_developer 06-00-/i
hitachi ucosminexus_application_server 07-60
hitachi cosminexus/opentp1_web_web_front-endset 02-00-/a
hitachi cosminexus_application_server 05-05-/p
hitachi ucosminexus_application_server 07-10
hitachi electronic_form_workflow-standard_set 06-70
hitachi ucosminexus_application_server 06-71-/f
hitachi ucosminexus_developer 6
hitachi electronic_form_workflow-standard_set 07-20-/b
hitachi ucosminexus_developer 6.7
hitachi cosminexus_application_server 06-50-/i
hitachi electronic_form_workflow_set 07-60
hitachi electronic_form_workflow-developer_client_set 07-00-/c
hitachi cosminexus_studio 05-00
hitachi cosminexus_developer 06-50
hitachi cosminexus/opentp1_web_web_front-endset 02-50-/a
hitachi cosminexus_application_server 05-00-/i
hitachi cosminexus_client 06-02
hitachi electronic_form_workflow-standard_set 06-70-/f
hitachi electronic_form_workflow-professional_library_set 07-11
hitachi electronic_form_workflow-standard_set 07-11
hitachi ucosminexus_client 06-70
hitachi ucosminexus_operator 07-60
hitachi cosminexus_developer 06-02
hitachi cosminexus_studio 04-00
hitachi ucosminexus_client 06-70-/f
hitachi processing_kit_for_xml 02-00-/d
CVE-2009-4777 MEDIUM

Unspecified vulnerability in multiple versions of Hitachi JP1/Automatic Job Management System 2 - View, JP1/Integrated Management - View, and JP1/Cm2/SNMP System Observer, allows remote attackers to cause a denial of service ("abnormal" termination) via vectors related to the display of an "invalid GIF file."

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hitachi jp1/automatic_job_management_system_2-view 07-50-17
hitachi jp1/automatic_job_management_system_2-view 08-10-11
hitachi jp1/automatic_job_management_system_2-view 06-51-/p
hitachi job_management_partner_1/automatic_job_management_system_2-view 07-50-17
hitachi jp1/server_system_observer 06-71-/h
hitachi jp1/automatic_job_management_system_2-view 08-50
hitachi job_management_partner_1/performance_management/snmp_system_observer 07-00
hitachi job_management_partner_1/snmp_system_observer 06-71
hitachi jp1/automatic_job_management_system_2-view 07-10
hitachi jp1/performance_management/snmp_system_observer 07-50-09
hitachi jp1_integrated_management_service_support 08-50-02
hitachi jp1/performance_management/snmp_system_observer 07-10
hitachi jp1_integrated_management_service_support 08-11
hitachi jp1/performance_management/snmp_system_observer 07-50
hitachi jp1/automatic_job_management_system_2-view 07-50
hitachi jp1/automatic_job_management_system_2-view 08-50-08
hitachi jp1/automatic_job_management_system_2-view 07-10-11
hitachi jp1/cm2/snmp_system_observer 08-00-09
hitachi job_management_partner_1/integrated_manager-view 07-00
hitachi job_management_partner_1/automatic_job_management_system_2-view 08-00
hitachi jp1/automatic_job_management_system_2-view 07-10-/h
hitachi job_management_partner_1/automatic_job_management_system_2-view 06-51-/n
hitachi jp1_integrated_management_service_support 08-10-02
hitachi jp1/server_system_observer 06-71
hitachi jp1_integrated_management_service_support 08-10-05
hitachi jp1_integrated_management_service_support 08-10-03
hitachi jp1/automatic_job_management_system_2-view 06-00-/k
hitachi jp1/server_system_observer 06-51-/f
hitachi job_management_partner_1/snmp_system_observer 06-51
hitachi job_management_partner_1/automatic_job_management_system_2-view 07-00
hitachi jp1/automatic_job_management_system_2-view 06-71-/q
hitachi job_management_partner_1/integrated_management-view 08-01
hitachi jp1_integrated_management_service_support 08-50-01
hitachi job_management_partner_1/automatic_job_management_system_2-view 06-51
hitachi jp1/integrated_management-view 08-50-06
hitachi jp1/performance_management/snmp_system_observer 07-10-/b
hitachi job_management_partner_1/snmp_system_observer 06-51-/a
hitachi jp1_integrated_management_service_support 08-11-01
hitachi job_management_partner_1/automatic_job_management_system_2-view 07-00-/g
hitachi jp1/automatic_job_management_system_2-view 07-11-15
hitachi job_management_partner_1/integrated_manager-console_view 06-00
hitachi job_management_partner_1/automatic_job_management_system_2-view 06-00
hitachi job_management_partner_1/automatic_job_management_system_2-view 06-71
hitachi jp1_integrated_management_service_support 08-10
hitachi jp1/automatic_job_management_system_2-view 08-01
hitachi jp1/performance_management/snmp_system_observer 07-00
hitachi jp1/automatic_job_management_system_2-view 06-71
hitachi job_management_partner_1/automatic_job_management_system_2-view 08-00-13
hitachi job_management_partner_1/integrated_manager-console_view 06-71
hitachi job_management_partner_1/automatic_job_management_system_2-view 07-50
hitachi jp1_integrated_management_service_support 08-50
hitachi jp1/integrated_manager-console_view 06-00
hitachi jp1/cm2/snmp_system_observer 08-00
hitachi jp1/integrated_manager-view 07-51
hitachi jp1/integrated_manager-console_view 06-71
hitachi jp1/integrated_management-view 08-00
hitachi jp1/integrated_manager-view 07-00
hitachi jp1/automatic_job_management_system_2-view 07-00
hitachi job_management_partner_1/automatic_job_management_system_2-view 06-51-n1
hitachi jp1/automatic_job_management_system_2-view 06-51
hitachi jp1/automatic_job_management_system_2-view 06-00
hitachi jp1/automatic_job_management_system_2-view 08-01-05
hitachi jp1_integrated_management_service_support 08-10-04
hitachi jp1/automatic_job_management_system_2-view 07-00-g1
hitachi jp1_integrated_management_service_support 08-10-01
hitachi jp1/automatic_job_management_system_2-view 08-00-13
hitachi jp1/automatic_job_management_system_2-view 07-11
hitachi jp1/automatic_job_management_system_2-view 06-51-/p1
hitachi jp1/automatic_job_management_system_2-view 08-00
hitachi jp1_integrated_management_service_support 08-11-03
hitachi jp1_integrated_management_service_support 08-50-03
hitachi jp1/performance_management/snmp_system_observer 07-00-/e
hitachi job_management_partner_1/automatic_job_management_system_2-view 06-71-/m
hitachi jp1/automatic_job_management_system_2-view 08-10
hitachi jp1/server_system_observer 06-71-03
hitachi jp1/server_system_observer 06-51
hitachi job_management_partner_1/automatic_job_management_system_2-view 06-71-m1
hitachi job_management_partner_1/automatic_job_management_system_2-view 06-00-/a
hitachi jp1_integrated_management_service_support 08-11-02
hitachi jp1/automatic_job_management_system_2-view 07-10-10
hitachi job_management_partner_1/automatic_job_management_system_2-view 08-00-04
CVE-2010-2625 HIGH

Unspecified vulnerability in the Client Service for DPM in Hitachi ServerConductor / Deployment Manager 01-00, 01-01, and 06-00 through 06-00-/A; ServerConductor / Deployment Manager Standard Edition and Enterprise Edition 07-50 through 07-55, and 07-57 through 07-59; and JP1/ServerConductor/Deployment Manager Standard and Enterprise Edition 07-50 through 07-56-/F, 08-00 through 08-09-/E, 08-50 through 08-80-/A, 08-06 through 08-07, and 08-51 through 08-70; allows attackers to cause a denial of service (shutdown and reboot) via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hitachi jp1/_serverconductor_/_deployment_manager 08-07
hitachi serverconductor_/_deployment_manager 07-57
hitachi jp1/_serverconductor_/_deployment_manager 08-00
hitachi jp1/_serverconductor_/_deployment_manager 07-52
hitachi serverconductor_/_deployment_manager 01-01
hitachi jp1/_serverconductor_/_deployment_manager 08-70
hitachi jp1/_serverconductor_/_deployment_manager 08-52
hitachi serverconductor_/_deployment_manager 06-00-/a
hitachi jp1/_serverconductor_/_deployment_manager 08-50
hitachi jp1/_serverconductor_/_deployment_manager 08-80-/a
hitachi jp1/_serverconductor_/_deployment_manager 07-50
hitachi jp1/_serverconductor_/_deployment_manager 07-56-/f
hitachi jp1/_serverconductor_/_deployment_manager 08-06
hitachi serverconductor_/_deployment_manager 01-00
hitachi serverconductor_/_deployment_manager 07-55
hitachi serverconductor_/_deployment_manager 07-59
hitachi serverconductor_/_deployment_manager 06-00
hitachi jp1/_serverconductor_/_deployment_manager 08-09-/e
hitachi serverconductor_/_deployment_manager 07-50
hitachi jp1/_serverconductor_/_deployment_manager 08-51
CVE-2010-4773 HIGH

Unspecified vulnerability in Hitachi EUR Form Client before 05-10 -/D 2010.11.15 and 05-10-CA (* 2) 2010.11.15; Hitachi EUR Form Service before 05-10 -/D 2010.11.15; and uCosminexus EUR Form Service before 07-60 -/D 2010.11.15 on Windows, before 05-10 -/D 2010.11.15 and 07-50 -/D 2010.11.15 on Linux, and before 07-50 -/C 2010.11.15 on AIX; allows remote attackers to execute arbitrary code via unknown attack vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hitachi ucosminexus_eur_form_service 07-60-/c
hitachi eur_form_client 05-10-c
hitachi eur_form_service 05-10-/b
hitachi eur_form_client 01-00
hitachi eur_form_client 05-00
hitachi ucosminexus_eur_form_service 07-50-/c
hitachi ucosminexus_eur_form_service 07-50
hitachi eur_form_service 01-00
hitachi ucosminexus_eur_form_service 05-05
hitachi eur_form_service 05-00
hitachi eur_form_client 05-10-a
hitachi eur_form_client 05-10-aa
hitachi eur_form_client 05-10-b
hitachi eur_form_client 01-05-/c(*1)
hitachi eur_form_client 05-10-/b
hitachi eur_form_service 01-05(*1)
hitachi ucosminexus_eur_form_service 05-10-/b
CVE-2012-0917 MEDIUM

Cross-site scripting (XSS) vulnerability in Hitachi IT Operations Analyzer 02-01, 02-51 through 02-51-01, and 02-53 through 02-53-02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hitachi it_operations_analyzer 02-51
hitachi it_operations_analyzer 02-53-02
hitachi it_operations_analyzer 02-53
hitachi it_operations_analyzer 02-01
hitachi it_operations_analyzer 02-51-01
hitachi it_operations_analyzer 02-53-01
CVE-2012-0918 HIGH

Unspecified vulnerability in Hitachi COBOL2002 Net Developer, Net Server Suite, and Net Client Suite 01-00, 01-01 through 01-01-/D, 01-02 through 01-02-/F, 01-03 through 01-03-/F, 02-00 through 02-00-/D, 02-01 through 02-01-/C, and possibly other versions before 02-01-/D allows remote attackers to execute arbitrary code via unknown attack vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hitachi cobol2002_net_developer 01-03
hitachi cobol2002_net_server_suite 02-00-/d
hitachi cobol2002_net_client_suite 01-02
hitachi cobol2002_net_server_suite 01-02
hitachi cobol2002_net_server_suite 01-00
hitachi cobol2002_net_server_suite 01-02-/f
hitachi cobol2002_net_developer 01-01
hitachi cobol2002_net_developer 01-02
hitachi cobol2002_net_developer 01-02-/f
hitachi cobol2002_net_client_suite 01-00
hitachi cobol2002_net_developer 01-01-/d
hitachi cobol2002_net_server_suite 01-03
hitachi cobol2002_net_server_suite 01-01-/d
hitachi cobol2002_net_developer 01-00
hitachi cobol2002_net_client_suite 01-01
hitachi cobol2002_net_client_suite 01-03
hitachi cobol2002_net_client_suite 01-03-/f
hitachi cobol2002_net_developer 02-00
hitachi cobol2002_net_client_suite 02-01
hitachi cobol2002_net_developer 02-01-/c
hitachi cobol2002_net_server_suite 01-03-/f
hitachi cobol2002_net_developer 02-00-/d
hitachi cobol2002_net_server_suite 02-01
hitachi cobol2002_net_client_suite 02-00
hitachi cobol2002_net_client_suite 02-00-/d
hitachi cobol2002_net_developer 01-03-/f
hitachi cobol2002_net_developer 02-01
hitachi cobol2002_net_client_suite 01-01-/d
hitachi cobol2002_net_server_suite 01-01
hitachi cobol2002_net_server_suite 02-00
hitachi cobol2002_net_client_suite 01-02-/f
CVE-2012-0919 MEDIUM

Cross-site scripting (XSS) vulnerability in Hitachi IT Operations Director 02-50-01 through 02-50-07, 03-00 through 03-00-04, and possibly other versions before 03-00-06, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hitachi it_operations_director 03-00
hitachi it_operations_director 02-50-07
hitachi it_operations_director 02-50-06
hitachi it_operations_director 03-00-04
hitachi it_operations_director 02-50-01
CVE-2013-4697 HIGH

Multiple unspecified vulnerabilities in Hitachi JP1/IT Desktop Management - Manager 09-50 through 09-50-03, 09-51 through 09-51-05, 10-00 through 10-00-02, and 10-01 through 10-01-02; Hitachi Job Management Partner 1/IT Desktop Management - Manager 09-50 through 09-50-03 and 10-01; and Hitachi IT Operations Director 02-50 through 02-50-07, 03-00 through 03-00-12, and 04-00 through 04-00-01 allow remote authenticated users to gain privileges via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hitachi it_operations_director 03-00
hitachi it_operations_director 02-50-07
hitachi it_operations_director 03-00-12
hitachi it_operations_director 02-50
hitachi it_operations_director 03-00-04
hitachi jp1/it_desktop_management-manager 10-01-02
hitachi it_operations_director 04-00
hitachi job_management_partner_1/it_desktop_management-manager 10-01
hitachi it_operations_director 02-50-01
hitachi it_operations_director 03-00-08
hitachi it_operations_director 03-00-07
hitachi jp1/it_desktop_management-manager 10-00
hitachi jp1/it_desktop_management-manager 10-01
hitachi job_management_partner_1/it_desktop_management-manager 09-50
hitachi it_operations_director 02-50-06
hitachi it_operations_director 04-00-01
hitachi jp1/it_desktop_management-manager 09-51
hitachi job_management_partner_1/it_desktop_management-manager 09-50-03
hitachi jp1/it_desktop_management-manager 09-51-05
hitachi jp1/it_desktop_management-manager 10-00-02
CVE-2014-4188 MEDIUM

Cross-site request forgery (CSRF) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
hitachi jp1/performance_management-manager_web_option 07-54
hitachi tuning_manager 7.6.1
hitachi tuning_manager 8.0.0
hitachi tuning_manager 6.0.0
hitachi jp1/performance_management-manager_web_option 07-00
hitachi tuning_manager 7.1.0
CVE-2014-4189 MEDIUM

Cross-site scripting (XSS) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hitachi jp1/performance_management-manager_web_option 07-54
hitachi tuning_manager 7.6.1
hitachi tuning_manager 8.0.0
hitachi tuning_manager 6.0.0
hitachi jp1/performance_management-manager_web_option 07-00
hitachi tuning_manager 7.1.0
CVE-2015-1565 MEDIUM

Cross-site scripting (XSS) vulnerability in the online help in Hitachi Device Manager, Tiered Storage Manager, Replication Manager, and Global Link Manager before 8.1.2-00, and Compute Systems Manager before 7.6.1-08 and 8.x before 8.1.2-00, as used in Hitachi Command Suite, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hitachi device_manager *
hitachi global_link_manager *
hitachi replication_manager *
hitachi tiered_storage_manager *
hitachi compute_systems_manager 8.1.1
hitachi compute_systems_manager 8.0.0
hitachi compute_systems_manager *
hitachi compute_systems_manager 8.1.0
CVE-2017-9294 HIGH

RMI vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to execute internal commands without authentication via RMI ports.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hitachi device_manager *
CVE-2017-9295 MEDIUM

XXE vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to read arbitrary files.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
hitachi device_manager *
CVE-2017-9296 MEDIUM

Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Tuning Manager before 8.5.2-00 allows remote attackers to redirect authenticated users to arbitrary web sites.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,

Products Affected

Vendor Product Version
hitachi device_manager *
CVE-2017-9297 MEDIUM

Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to redirect users to arbitrary web sites.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,

Products Affected

Vendor Product Version
hitachi device_manager *
CVE-2017-9298 LOW

Cross-site scripting vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to execute arbitrary JavaScript code.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hitachi device_manager *
CVE-2018-14735 MEDIUM

An Information Exposure issue was discovered in Hitachi Command Suite 8.5.3. A remote attacker may be able to exploit a flaw in the permission of messaging that may allow for information exposure via a crafted message.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hitachi device_manager *
hitachi command_suite 8.5.3
hitachi replication_manager *
hitachi tiered_storage_manager *
hitachi tuning_manager *
hitachi compute_systems_manager *
CVE-2018-21026 MEDIUM

A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.6.5-00 allows an unauthenticated remote user to read internal information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hitachi device_manager *
hitachi replication_manager *
hitachi tiered_storage_manager *
hitachi tuning_manager *
hitachi compute_systems_manager *
CVE-2018-21032 MEDIUM

A vulnerability in Hitachi Command Suite prior to 8.7.1-00 and Hitachi Automation Director prior to 8.5.0-00 allow authenticated remote users to expose technical information through error messages. Hitachi Command Suite includes Hitachi Device Manager and Hitachi Compute Systems Manager.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-209,

Products Affected

Vendor Product Version
hitachi device_manager *
hitachi automation_director *
hitachi compute_systems_manager *
CVE-2018-21033 MEDIUM

A vulnerability in Hitachi Command Suite prior to 8.6.2-00, Hitachi Automation Director prior to 8.6.2-00 and Hitachi Infrastructure Analytics Advisor prior to 4.2.0-00 allow authenticated remote users to load an arbitrary Cascading Style Sheets (CSS) token sequence. Hitachi Command Suite includes Hitachi Device Manager, Hitachi Tiered Storage Manager, Hitachi Replication Manager, Hitachi Tuning Manager, Hitachi Global Link Manager and Hitachi Compute Systems Manager.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hitachi device_manager *
hitachi global_link_manager *
hitachi replication_manager *
hitachi tiered_storage_manager *
hitachi automation_director *
hitachi infrastructure_analytics_advisor *
hitachi tuning_manager *
hitachi compute_systems_manager *
CVE-2019-17360 MEDIUM

A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.7.0-00 allows an unauthenticated remote user to trigger a denial of service (DoS) condition because of Uncontrolled Resource Consumption.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
hitachi device_manager *
hitachi replication_manager *
hitachi tiered_storage_manager *
hitachi infrastructure_analytics_advisor *
hitachi tuning_manager *
CVE-2020-24664 LOW

The dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'pho:title' attribute of 'dashboardXml' parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, and >= 8.3.0.0 GA.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hitachi vantara_pentaho *
CVE-2020-24665 MEDIUM

The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains an XML Entity Expansion injection vulnerability, which allows an authenticated remote users to trigger a denial of service (DoS) condition. Specifically, the vulnerability lies in the 'dashboardXml' parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, >= 8.3.0.0 GA

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-776,

Products Affected

Vendor Product Version
hitachi vantara_pentaho *
CVE-2020-24666 LOW

The Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a stored Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Display Name' parameter. Remediated in >= 9.1.0.1

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hitachi vantara_pentaho *
CVE-2020-24669 LOW

The New Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a DOM-based Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Analysis Report Description' field in 'About this Report' section. Remediated in >= 8.3.0.9, >= 9.0.0.1, and >= 9.1.0.0 GA.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hitachi vantara_pentaho *
CVE-2020-24670 LOW

The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'type' attribute of 'dashboardXml' parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, and >= 8.3.0.0 GA.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hitachi vantara_pentaho *
CVE-2020-36605

Incorrect Default Permissions vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00; Hitachi Ops Center Viewpoint: from 10.8.0-00 before 10.9.0-00.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 1.8 2.5
hirt@hitachi.co.jp 6.6 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H 1.8 4.7

Products Affected

Vendor Product Version
hitachi ops_center_viewpoint *
hitachi ops_center_analyzer *
hitachi infrastructure_analytics_advisor *
CVE-2020-36611

Incorrect Default Permissions vulnerability in Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS, Hitachi Tuning Manager - Agent for SAN Switch components) allows local users to read and write specific files.This issue affects Hitachi Tuning Manager: before 8.8.5-00.

Products Affected

Vendor Product Version
hitachi tuning_manager *
CVE-2020-36652

Incorrect Default Permissions vulnerability in Hitachi Automation Director on Linux, Hitachi Infrastructure Analytics Advisor on Linux (Hitachi Infrastructure Analytics Advisor, Analytics probe server components), Hitachi Ops Center Automator on Linux, Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer, Analyzer probe server components), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files. This issue affects Hitachi Automation Director: from 8.2.0-00 through 10.6.1-00; Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.0.0-00; Hitachi Ops Center Automator: before 10.9.1-00; Hitachi Ops Center Analyzer: before 10.9.1-00; Hitachi Ops Center Viewpoint: before 10.9.1-00.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
hirt@hitachi.co.jp 6.6 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H 1.8 4.7
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 1.8 5.2

Products Affected

Vendor Product Version
hitachi ops_center_viewpoint *
hitachi ops_center_analyzer *
hitachi automation_director *
hitachi ops_center_automator *
hitachi infrastructure_analytics_advisor *
CVE-2020-36695

Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux (Device Manager Server component), Hitachi Tiered Storage Manager on Linux, Hitachi Replication Manager on Linux, Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS components), Hitachi Compute Systems Manager on Linux allows File Manipulation.This issue affects Hitachi Device Manager: before 8.8.5-02; Hitachi Tiered Storage Manager: before 8.8.5-02; Hitachi Replication Manager: before 8.8.5-02; Hitachi Tuning Manager: before 8.8.5-02; Hitachi Compute Systems Manager: before 8.8.3-08.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
hirt@hitachi.co.jp 6.6 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H 1.8 4.7

Products Affected

Vendor Product Version
hitachi device_manager *
hitachi replication_manager *
hitachi tiered_storage_manager *
hitachi tuning_manager *
hitachi compute_systems_manager *
CVE-2021-20740 HIGH

Hitachi Virtual File Platform Versions prior to 5.5.3-09 and Versions prior to 6.4.3-09, and NEC Storage M Series NAS Gateway Nh4a/Nh8a versions prior to FOS 5.5.3-08(NEC2.5.4a) and Nh4b/Nh8b, Nh4c/Nh8c versions prior to FOS 6.4.3-08(NEC3.4.2) allow remote authenticated attackers to execute arbitrary OS commands with root privileges via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
nec nas_gateway_nh8b_firmware *
nec nas_gateway_nh4c_firmware *
hitachi virtual_file_platform *
nec nas_gateway_nh8a_firmware *
nec nas_gateway_nh8c_firmware *
nec nas_gateway_nh4b_firmware *
nec nas_gateway_nh4a_firmware *
CVE-2021-20741 MEDIUM

Cross-site scripting vulnerability in Hitachi Application Server Help (Hitachi Application Server V10 Manual (Windows) version 10-11-01 and earlier and Hitachi Application Server V10 Manual (UNIX) version 10-11-01 and earlier) allows a remote attacker to inject an arbitrary script via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hitachi application_server_v10_manual *
CVE-2021-29644 HIGH

Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 contains a remote code execution vulnerability because of an Integer Overflow. An attacker with network access to port 31016 may exploit this issue to execute code with unrestricted privileges on the underlying OS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,

Products Affected

Vendor Product Version
hitachi jp1/netdm/dm_client *
hitachi jp1/it_desktop_management_2-operations_director *
hitachi jp1/it_desktop_management_2-manager *
hitachi jp1/netdm/dm_manager *
hitachi jp1/it_desktop_management-manager *
hitachi jp1/netdm/dm_client-remote_control_feature *
hitachi job_management_partner_1/it_desktop_management-manager *
hitachi jp1/remote_control_agent *
hitachi jp1/netm/remote_control_agent *
hitachi job_management_partner_1/remote_control_agent *
hitachi job_management_partner_1/software_distribution_manager *
hitachi it_operations_director *
hitachi job_management_partner_1/software_distribution_client *
hitachi job_management_partner_1/it_desktop_management_2-manager *
CVE-2021-29645 MEDIUM

Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 calls the SendMessageTimeoutW API with arbitrary arguments via a local pipe, leading to a local privilege escalation vulnerability. An attacker who exploits this issue could execute arbitrary code on the local system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
cve@mitre.org 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hitachi jp1/netm/remote_control_feature *
hitachi jp1/it_desktop_management_2-operations_director *
hitachi jp1/netm/dm_manager *
hitachi jp1/netm/dm_client-remote_control_feature *
hitachi jp1/it_desktop_management_2-manager *
hitachi jp1/netm/dm_client *
hitachi jp1/it_desktop_management-manager *
hitachi job_management_partner_1/it_desktop_management-manager *
hitachi jp1/remote_control_feature *
hitachi job_management_partner_1/remote_control_agent *
hitachi job_management_partner_1/software_distribution_manager *
hitachi it_operations_director *
hitachi job_management_partner_1/software_distribution_client *
hitachi job_management_partner_1/it_desktop_management_2-manager *
CVE-2021-31599 MEDIUM

An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. A reports (.prpt) file allows the inclusion of BeanShell scripts to ease the production of complex reports. An authenticated user can run arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
cve@mitre.org 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-434,

Products Affected

Vendor Product Version
hitachi vantara_pentaho_business_intelligence_server *
hitachi vantara_pentaho *
CVE-2021-31600 MEDIUM

An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user (regardless of privileges) can list all valid usernames.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4
cve@mitre.org 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-552,

Products Affected

Vendor Product Version
hitachi vantara_pentaho_business_intelligence_server *
hitachi vantara_pentaho *
CVE-2021-31601 MEDIUM

An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user (regardless of privileges) can list all databases connection details and credentials.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N 2.8 4.2
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hitachi vantara_pentaho_business_intelligence_server *
hitachi vantara_pentaho *
CVE-2021-31602 MEDIUM

An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. The Security Model has different layers of Access Control. One of these layers is the applicationContext security, which is defined in the applicationContext-spring-security.xml file. The default configuration allows an unauthenticated user with no previous knowledge of the platform settings to extract pieces of information without possessing valid credentials.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
hitachi vantara_pentaho_business_intelligence_server *
hitachi vantara_pentaho *
CVE-2021-3196 MEDIUM

An issue was discovered in Hitachi ID Bravura Security Fabric 11.0.0 through 11.1.3, 12.0.0 through 12.0.2, and 12.1.0. When using federated identity management (authenticating via SAML through a third-party identity provider), an attacker can inject additional data into a signed SAML response being transmitted to the service provider (ID Bravura Security Fabric). The application successfully validates the signed values but uses the unsigned malicious values. An attacker with lower-privilege access to the application can inject the username of a high-privilege user to impersonate that user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
cve@mitre.org 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-347,

Products Affected

Vendor Product Version
hitachi id_bravura_security_fabric 12.1.0
hitachi id_bravura_security_fabric *
CVE-2021-34684 HIGH

Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unauthenticated user to execute arbitrary SQL queries on any Pentaho data source and thus retrieve data from the related databases, as demonstrated by an api/repos/dashboards/editor URI.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cve@mitre.org 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
hitachi vantara_pentaho *
CVE-2021-34685 MEDIUM

UploadService in Hitachi Vantara Pentaho Business Analytics through 9.1 does not properly verify uploaded user files, which allows an authenticated user to upload various files of different file types. Specifically, a .jsp file is not allowed, but a .jsp. file is allowed (and leads to remote code execution).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 2.7 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N 1.2 1.4
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-434,

Products Affected

Vendor Product Version
hitachi vantara_pentaho *
CVE-2021-40337 LOW

Cross-site Scripting (XSS) vulnerability in Hitachi Energy LinkOne allows an attacker that manages to exploit the vulnerability can take advantage to exploit multiple web attacks and stole sensitive information. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@hitachienergy.com 4.2 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N 1.6 2.5
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
hitachi linkone 3.26
hitachi linkone 3.20
hitachi linkone 3.25
hitachi linkone 3.22
hitachi linkone 3.24
hitachi linkone 3.23
CVE-2021-40338 MEDIUM

Hitachi Energy LinkOne product, has a vulnerability due to a web server misconfiguration, that enables debug mode and reveals the full path of the filesystem directory when an attacker generates errors during a query operation. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
cybersecurity@hitachienergy.com 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 2.2 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-209,

Products Affected

Vendor Product Version
hitachi linkone 3.26
hitachi linkone 3.20
hitachi linkone 3.25
hitachi linkone 3.22
hitachi linkone 3.24
hitachi linkone 3.23
CVE-2021-40339 MEDIUM

Configuration vulnerability in Hitachi Energy LinkOne application due to the lack of HTTP Headers, allows an attacker that manages to exploit this vulnerability to retrieve sensitive information. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
cybersecurity@hitachienergy.com 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 2.2 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hitachi linkone 3.26
hitachi linkone 3.20
hitachi linkone 3.25
hitachi linkone 3.22
hitachi linkone 3.24
hitachi linkone 3.23
CVE-2021-40340 MEDIUM

Information Exposure vulnerability in Hitachi Energy LinkOne application, due to a misconfiguration in the ASP server exposes server and ASP.net information, an attacker that manages to exploit this vulnerability can use the exposed information as a reconnaissance for further exploitation. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@hitachienergy.com 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 2.2 1.4
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
hitachi linkone 3.26
hitachi linkone 3.20
hitachi linkone 3.25
hitachi linkone 3.22
hitachi linkone 3.24
hitachi linkone 3.23
CVE-2021-41573 MEDIUM

Hitachi Content Platform Anywhere (HCP-AW) 4.4.5 and later allows information disclosure. If authenticated user creates a link to a file or folder while the system was running version 4.3.x or earlier and then shares the link and then later deletes the file or folder without deleting the link and before the link expires. If the system has been upgraded to version 4.4.5 or 4.5.0 a malicious user with the link could browse and download all files of the authenticated user that created the link .

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
cve@mitre.org 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-552,

Products Affected

Vendor Product Version
hitachi content_platform_anywhere *
CVE-2021-4266

A vulnerability classified as problematic has been found in Webdetails cpf up to 9.5.0.0-80. Affected is an unknown function of the file core/src/main/java/pt/webdetails/cpf/packager/DependenciesPackage.java. The manipulation of the argument baseUrl leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 9.5.0.0-81 is able to address this issue. The name of the patch is 3bff900d228e8cae3af256b447c5d15bdb03c174. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216468.

Products Affected

Vendor Product Version
hitachi community_plugin_framework *
CVE-2021-45446

A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 does not cascade the hidden property to the children of the Home folder.  This directory listing provides an attacker with the complete index of all the resources located inside the directory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security.vulnerabilities@hitachivantara.com 5.0 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N 3.1 1.4
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
hitachi vantara_pentaho *
CVE-2021-45447

Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.2 and 8.3.0.25 with the Data Lineage feature enabled transmits database passwords in clear text.   The transmission of sensitive data in clear text allows unauthorized actors with access to the network to sniff and obtain sensitive information that can be later used to gain unauthorized access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security.vulnerabilities@hitachivantara.com 7.7 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H 2.2 5.5
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
hitachi vantara_pentaho *
CVE-2021-45448

Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 using the Pentaho Analyzer plugin exposes a service endpoint for templates which allows a user-supplied path to access resources that are out of bounds.  The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.  By using special elements such as ".." and "/" separators, attackers can escape outside of the restricted location to access files or directories that are elsewhere on the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
security.vulnerabilities@hitachivantara.com 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N 2.8 4.2

Products Affected

Vendor Product Version
hitachi vantara_pentaho *
CVE-2022-2637

Incorrect Privilege Assignment vulnerability in Hitachi Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation.This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
hirt@hitachi.co.jp 5.4 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H 1.2 4.2

Products Affected

Vendor Product Version
hitachi storage_plug-in 04.8.0
CVE-2022-3191

Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Analyzer on Linux (Virtual Strage Software Agent component) allows local users to gain sensitive information. This issue affects Hitachi Ops Center Analyzer: from 10.8.1-00 before 10.9.0-00

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
hirt@hitachi.co.jp 6.6 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L 1.8 4.7

Products Affected

Vendor Product Version
hitachi ops_center_analyzer *
CVE-2022-3353

A vulnerability exists in the IEC 61850 communication stack that affects multiple Hitachi Energy products.  An attacker could exploit the vulnerability by using a specially crafted message sequence, to force the IEC 61850 MMS-server communication stack, to stop accepting new MMS-client connections.  Already existing/established client-server connections are not affected. List of affected CPEs: * cpe:2.3:o:hitachienergy:fox61x_tego1:r15b08:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:fox61x_tego1:r2a16_3:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:fox61x_tego1:r2a16:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:fox61x_tego1:r1e01:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:fox61x_tego1:r1d02:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:fox61x_tego1:r1c07:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:fox61x_tego1:r1b02:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:gms600:1.3.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.1.*:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.5.*:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0.1:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.2:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.8.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.0.*:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.4:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.5:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.*:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.4:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.4.1:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:mms:2.2.3:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:pwc600:1.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:pwc600:1.1:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:pwc600:1.2:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:reb500:7:*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:reb500:8:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion670:1.2.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion670:2.0.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion650:1.1.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion650:1.3.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion650:2.1.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion670:2.1.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relionSAM600-IO:2.2.1:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relionSAM600-IO:2.2.5:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion670:2.2.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion650:2.2.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:rtu500cmu:12.*.*:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:rtu500cmu:13.*.*:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:txpert_hub_coretec_4:2.*:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:txpert_hub_coretec_4:3.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:txpert_hub_coretec_5:3.0:*:*:*:*:*:*:*

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
cybersecurity@hitachienergy.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

Products Affected

Vendor Product Version
hitachi relion_670_firmware 2.2.2
abb fox615_tego1_firmware r1e01
hitachi relion_670_firmware 2.2.5
abb fox615_tego1_firmware r1d02
hitachi relion_650_firmware 2.2.5
abb fox615_tego1_firmware r15b08
hitachi itt600_sa_explorer 2.0.2
hitachi itt600_sa_explorer 2.0.5.0
hitachi relion_670_firmware 2.1
hitachi gms600_firmware 1.3.0
abb rtu500_firmware *
hitachi relion_650_firmware 2.2.4
hitachi itt600_sa_explorer 1.1.1
hitachi itt600_sa_explorer 2.0.4.1
hitachi pwc600_firmware 1.2
hitachi relion_670_firmware 2.2.3
hitachi relion_650_firmware 2.2.0
hitachi relion_650_firmware 2.2.2
hitachi itt600_sa_explorer 1.7.0
hitachi pwc600_firmware 1.1
hitachi relion_650_firmware 2.1
hitachi itt600_sa_explorer 1.5.1
hitachi itt600_sa_explorer 1.1.0
abb txpert_hub_coretec_5_firmware 3.0.0
abb modular_switchgear_monitoring_firmware *
hitachi itt600_sa_explorer 2.0.5.4
hitachi itt600_sa_explorer 1.6.0.1
abb fox615_tego1_firmware r2b16
hitachi relion_670_firmware 2.2.1
hitachi relion_sam600-io_firmware 2.2.1
hitachi itt600_sa_explorer 1.7.2
hitachi relion_650_firmware 2.2.3
hitachi relion_670_firmware 1.2
hitachi itt600_sa_explorer 1.5.0
abb fox615_tego1_firmware r2b16_03
hitachi pwc600_firmware 1.0
hitachi itt600_sa_explorer 2.0.1
hitachi relion_670_firmware 2.0
abb sys600_firmware *
hitachi itt600_sa_explorer 2.0.3
hitachi relion_670_firmware 2.2.4
hitachi relion_650_firmware 1.1
abb fox615_tego1_firmware r1b02
abb fox615_tego1_firmware r1c07
abb txpert_hub_coretec_4_firmware *
abb rtu500_firmware 13.4.1
hitachi relion_650_firmware 2.2.1
abb reb500_firmware *
hitachi itt600_sa_explorer 2.1.0.4
hitachi itt600_sa_explorer 2.1.0.5
hitachi itt600_sa_explorer 1.6.0
hitachi itt600_sa_explorer 1.8.0
hitachi relion_670_firmware 2.2.0
hitachi relion_650_firmware 1.3
hitachi itt600_sa_explorer 1.1.2
hitachi relion_sam600-io_firmware 2.2.5
CVE-2022-34881

Generation of Error Message Containing Sensitive Information vulnerability in Hitachi JP1/Automatic Operation allows local users to gain sensitive information. This issue affects JP1/Automatic Operation: from 10-00 through 10-54-03, from 11-00 before 11-51-09, from 12-00 before 12-60-01.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
hirt@hitachi.co.jp 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 1.8 1.4
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 1.8 1.4

Products Affected

Vendor Product Version
hitachi jp1/automatic_operation 11-50
hitachi jp1/automatic_operation 12-60
hitachi jp1/automatic_operation *
hitachi jp1/automatic_operation 10-01
hitachi jp1/automatic_operation 10-11
hitachi jp1/automatic_operation 10-51
hitachi jp1/automatic_operation 10-50
hitachi jp1/automatic_operation 10-02
CVE-2022-34882

Information Exposure Through an Error Message vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to gain sensitive information. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows; 02.05.00 versions prior to 02.05.01 on Windows and Docker.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
hirt@hitachi.co.jp 9.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H 2.3 6.0
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
hitachi raid_manager_storage_replication_adapter 02.05.00
hitachi raid_manager_storage_replication_adapter *
CVE-2022-34883

OS Command Injection vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to execute arbitrary OS commands. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows; 02.05.00 versions prior to 02.05.01 on Windows and Docker.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
hirt@hitachi.co.jp 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
hitachi raid_manager_storage_replication_adapter 02.05.00
hitachi raid_manager_storage_replication_adapter *
CVE-2022-37680

An improper authentication for critical function issue in Hitachi Kokusai Electric Network products for monitoring system (Camera, Decoder and Encoder) and bellow allows attckers to remotely reboot the device via a crafted POST request to the endpoint /ptipupgrade.cgi. Security information ID hitachi-sec-2022-001 contains fixes for the issue.

Products Affected

Vendor Product Version
hitachi hc-ip9100hd_firmware *
CVE-2022-37681

Hitachi Kokusai Electric Newtork products for monitoring system (Camera, Decoder and Encoder) and below allows attckers to perform a directory traversal via a crafted GET request to the endpoint /ptippage.cgi. Security information ID hitachi-sec-2022-001 contains fixes for the issue.

Products Affected

Vendor Product Version
hitachi hc-ip9100hd_firmware *
CVE-2022-3884

Incorrect Default Permissions vulnerability in Hitachi Ops Center Analyzer on Windows (Hitachi Ops Center Analyzer RAID Agent component) allows local users to read and write specific files.This issue affects Hitachi Ops Center Analyzer: from 10.9.0-00 before 10.9.0-01.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 1.8 5.2
hirt@hitachi.co.jp 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N 2.0 4.7

Products Affected

Vendor Product Version
hitachi ops_center_analyzer *
CVE-2022-3960

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of the Community Dashboard Editor (CDE) plugin. 

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security.vulnerabilities@hitachivantara.com 6.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 2.8 3.4
nvd@nist.gov 6.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 2.8 3.4

Products Affected

Vendor Product Version
hitachi vantara_pentaho_business_analytics_server *
hitachi vantara_pentaho_business_analytics_server 9.4.0.0
CVE-2022-4041

Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.1.

Products Affected

Vendor Product Version
hitachi storage_plug-in 04.8.0
hitachi storage_plug-in 04.9.0
CVE-2022-4146

Expression Language Injection vulnerability in Hitachi Replication Manager on Windows, Linux, Solaris allows Code Injection.This issue affects Hitachi Replication Manager: before 8.8.5-02.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
hirt@hitachi.co.jp 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4

Products Affected

Vendor Product Version
hitachi replication_manager *
CVE-2022-41552

Server-Side Request Forgery (SSRF) vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Data Center Analytics, Analytics probe components), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe components) allows Server Side Request Forgery. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
hirt@hitachi.co.jp 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
hitachi ops_center_viewpoint *
hitachi ops_center_analyzer *
hitachi infrastructure_analytics_advisor *
CVE-2022-41553

Insertion of Sensitive Information into Temporary File vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer probe component) allows local users to gain sensitive information. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00.

Products Affected

Vendor Product Version
hitachi ops_center_analyzer *
hitachi infrastructure_analytics_advisor *
CVE-2022-43769

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
security.vulnerabilities@hitachivantara.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
hitachi vantara_pentaho_business_analytics_server *
hitachi vantara_pentaho_business_analytics_server 9.4.0.0
CVE-2022-43771

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x, using the Pentaho Data Access plugin exposes a service endpoint for CSV import which allows a user supplied path to access resources that are out of bounds.  

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
security.vulnerabilities@hitachivantara.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
hitachi vantara_pentaho_business_analytics_server *
CVE-2022-43772

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x with the Big Data Plugin expose the username and password of clusters in clear text into system logs. 

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
security.vulnerabilities@hitachivantara.com 3.8 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N 1.2 2.5

Products Affected

Vendor Product Version
hitachi vantara_pentaho_business_analytics_server *
CVE-2022-43773

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x is installed with a sample HSQLDB data source configured with stored procedures enabled. 

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
security.vulnerabilities@hitachivantara.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
hitachi vantara_pentaho_business_analytics_server *
hitachi vantara_pentaho_business_analytics_server 9.4.0.0
CVE-2022-43938

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of Pentaho Reports (*.prpt) through the JVM script manager. 

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security.vulnerabilities@hitachivantara.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
hitachi vantara_pentaho_business_analytics_server *
hitachi vantara_pentaho_business_analytics_server 9.4.0.0
CVE-2022-43939

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be circumvented.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security.vulnerabilities@hitachivantara.com 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H 3.9 4.7
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
hitachi vantara_pentaho_business_analytics_server *
hitachi vantara_pentaho_business_analytics_server 9.4.0.0
CVE-2022-43940

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly perform an authorization check in the data source management service. 

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security.vulnerabilities@hitachivantara.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
hitachi vantara_pentaho_business_analytics_server *
hitachi vantara_pentaho_business_analytics_server 9.4.0.0
CVE-2022-43941

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity Reference. 

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security.vulnerabilities@hitachivantara.com 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L 2.8 4.2
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
hitachi vantara_pentaho_business_analytics_server *
hitachi vantara_pentaho_business_analytics_server 9.4.0.0
CVE-2022-4441

Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.9.0 before 04.9.1.

Products Affected

Vendor Product Version
hitachi storage_plug-in 04.8.0
hitachi storage_plug-in 04.9.0
CVE-2022-4769

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the target path on host when a file is uploaded with an invalid character in its name. 

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security.vulnerabilities@hitachivantara.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
hitachi vantara_pentaho_business_analytics_server *
CVE-2022-4770

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the full parametrized SQL query in an error message when an invalid character is used within a Pentaho Report (*.prpt). 

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security.vulnerabilities@hitachivantara.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
hitachi vantara_pentaho_business_analytics_server *
CVE-2022-4771

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow a malicious URL to inject content into the Pentaho User Console through session variables. 

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7
security.vulnerabilities@hitachivantara.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N 2.8 2.5

Products Affected

Vendor Product Version
hitachi vantara_pentaho_business_analytics_server *
hitachi vantara_pentaho_business_analytics_server 9.4.0.0
CVE-2022-4815

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x deserialize untrusted JSON data without constraining the parser to approved classes and methods. 

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security.vulnerabilities@hitachivantara.com 8.0 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
hitachi vantara_pentaho *
hitachi vantara_pentaho_business_analytics_server *
hitachi vantara_pentaho_business_analytics_server 9.4.0.0
CVE-2022-4895

Improper Certificate Validation vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component) allows Man in the Middle Attack.This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.1-00.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
hirt@hitachi.co.jp 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L 3.9 4.7
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
hitachi ops_center_analyzer *
hitachi infrastructure_analytics_advisor *
CVE-2023-1158

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x expose dashboard prompts to users who are not part of the authorization list. 

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security.vulnerabilities@hitachivantara.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
hitachi vantara_pentaho *
hitachi vantara_pentaho_business_analytics_server *
hitachi vantara_pentaho_business_analytics_server 9.4.0.0
CVE-2023-1995

Insufficient Logging vulnerability in Hitachi HiRDB Server, HiRDB Server With Addtional Function, HiRDB Structured Data Access Facility.This issue affects HiRDB Server: before 09-60-39, before 09-65-23, before 09-66-17, before 10-01-10, before 10-03-12, before 10-04-06, before 10-05-06, before 10-06-02; HiRDB Server With Addtional Function: before 09-60-2M, before 09-65-/W , before 09-66-/Q ; HiRDB Structured Data Access Facility: before 09-60-39, before 10-03-12, before 10-04-06, before 10-06-02.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6
hirt@hitachi.co.jp 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N 1.6 3.6

Products Affected

Vendor Product Version
hitachi hirdb_structured_data_access_facility *
hitachi hirdb_server *
hitachi hirdb_server_with_additional_function *
CVE-2023-30469

Cross-site Scripting vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component) allows Reflected XSS.This issue affects Hitachi Ops Center Analyzer: from 10.9.1-00 before 10.9.2-00.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
hirt@hitachi.co.jp 7.6 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N 2.3 4.7

Products Affected

Vendor Product Version
hitachi ops_center_analyzer 10.9.1-00
CVE-2023-3335

Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Administrator on Linux allows local users  to gain sensitive information.This issue affects Hitachi Ops Center Administrator: before 10.9.3-00.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
hirt@hitachi.co.jp 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N 2.0 4.0

Products Affected

Vendor Product Version
hitachi ops_center_administrator *
CVE-2023-34142

Cleartext Transmission of Sensitive Information vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows Interception.This issue affects Hitachi Device Manager: before 8.8.5-02.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
hirt@hitachi.co.jp 9.0 CRITICAL CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 2.2 6.0

Products Affected

Vendor Product Version
hitachi device_manager *
CVE-2023-34143

Improper Validation of Certificate with Host Mismatch vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows Man in the Middle Attack.This issue affects Hitachi Device Manager: before 8.8.5-02.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
hirt@hitachi.co.jp 5.6 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L 2.2 3.4

Products Affected

Vendor Product Version
hitachi device_manager *
CVE-2023-3440

Incorrect Default Permissions vulnerability in Hitachi JP1/Performance Management on Windows allows File Manipulation.This issue affects JP1/Performance Management - Manager: from 09-00 before 12-50-07; JP1/Performance Management - Base: from 09-00 through 10-50-*; JP1/Performance Management - Agent Option for Application Server: from 11-00 before 11-50-16; JP1/Performance Management - Agent Option for Enterprise Applications: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for HiRDB: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for IBM Lotus Domino: from 10-00 before 11-50-16; JP1/Performance Management - Agent Option for Microsoft(R) Exchange Server: from 09-00 before  12-00-14; JP1/Performance Management - Agent Option for Microsoft(R) Internet Information Server: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for Microsoft(R) SQL Server: from 09-00 before 12-50-07; JP1/Performance Management - Agent Option for Oracle: from 09-00 before  12-10-08; JP1/Performance Management - Agent Option for Platform: from 09-00 before 12-50-07; JP1/Performance Management - Agent Option for Service Response: from 09-00 before 11-50-16; JP1/Performance Management - Agent Option for Transaction System: from 11-00 before 12-00-14; JP1/Performance Management - Remote Monitor for Microsoft(R) SQL Server: from 09-00 before 12-50-07; JP1/Performance Management - Remote Monitor for Oracle: from 09-00 before 12-10-08; JP1/Performance Management - Remote Monitor for Platform: from 09-00 before 12-10-08; JP1/Performance Management - Remote Monitor for Virtual Machine: from 10-00 before 12-50-07; JP1/Performance Management - Agent Option for Domino: from 09-00 through 09-00-*; JP1/Performance Management - Agent Option for IBM WebSphere Application Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for IBM WebSphere MQ: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for JP1/AJS3: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for OpenTP1: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for Oracle WebLogic Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for uCosminexus Application Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for Virtual Machine: from 09-00 through 09-01-*.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
hirt@hitachi.co.jp 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.5 5.9

Products Affected

Vendor Product Version
hitachi jp1/performance_management -
CVE-2023-3495

** UNSUPPORTED WHEN ASSIGNED ** Out-of-bounds Write vulnerability in Hitachi EH-VIEW (KeypadDesigner) allows local attackers to potentially execute arbitray code on affected EH-VIEW installations. User interaction is required to exploit the vulnerabilities in that the user must open a malicious file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
hirt@hitachi.co.jp 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
hitachi eh-view -
CVE-2023-3517

Hitachi Vantara Pentaho Data Integration & Analytics versions before 9.5.0.1 and 9.3.0.5, including 8.3.x does not restrict JNDI identifiers during the creation of XActions, allowing control of system level data sources.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security.vulnerabilities@hitachivantara.com 8.5 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N 3.1 4.7
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
hitachi pentaho_data_integration_and_analytics *
CVE-2023-3967

Allocation of Resources Without Limits or Throttling vulnerability in Hitachi Ops Center Common Services on Linux allows DoS.This issue affects Hitachi Ops Center Common Services: before 10.9.3-00.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
hirt@hitachi.co.jp 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
hitachi ops_center_common_services *
CVE-2023-39984

** UNSUPPORTED WHEN ASSIGNED ** Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hitachi EH-VIEW (KeypadDesigner) allows local attackers to potentially disclose information and execute arbitray code on affected EH-VIEW installations. User interaction is required to exploit the vulnerabilities in that the user must open a malicious file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
hirt@hitachi.co.jp 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
hitachi eh-view -
CVE-2023-39985

** UNSUPPORTED WHEN ASSIGNED ** Out-of-bounds Write vulnerability in Hitachi EH-VIEW (Designer) allows local attackers to potentially execute arbitray code on affected EH-VIEW installations. User interaction is required to exploit the vulnerabilities in that the user must open a malicious file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
hirt@hitachi.co.jp 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
hitachi eh-view -
CVE-2023-39986

** UNSUPPORTED WHEN ASSIGNED ** Out-of-bounds Read vulnerability in Hitachi EH-VIEW (Designer) allows local attackers to potentially disclose information on affected EH-VIEW installations. User interaction is required to exploit the vulnerabilities in that the user must open a malicious file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6
hirt@hitachi.co.jp 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
hitachi eh-view -
CVE-2023-49106

Missing Password Field Masking vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Agent component).This issue affects Hitachi Device Manager: before 8.8.5-04.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
hirt@hitachi.co.jp 4.6 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 0.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
hitachi device_manager *
CVE-2023-49107

Generation of Error Message Containing Sensitive Information vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Agent modules).This issue affects Hitachi Device Manager: before 8.8.5-04.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
hirt@hitachi.co.jp 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
hitachi device_manager *
CVE-2023-5617

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.6, including 9.5.x and 8.3.x, display the version of Tomcat when a server error is encountered.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security.vulnerabilities@hitachivantara.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
hitachi vantara_pentaho_data_integration_and_analytics *
CVE-2023-5808

SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in a Storage administrative role are able to access HNAS configuration backup and diagnostic data, that would normally be barred to that specific administrative role.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
security.vulnerabilities@hitachivantara.com 7.6 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L 2.8 4.7

Products Affected

Vendor Product Version
hitachi vantara_hitachi_network_attached_storage *
CVE-2023-6457

Incorrect Default Permissions vulnerability in Hitachi Tuning Manager on Windows (Hitachi Tuning Manager server component) allows local users to read and write specific files.This issue affects Hitachi Tuning Manager: before 8.8.5-04.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 1.8 5.2
hirt@hitachi.co.jp 6.6 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H 1.8 4.7

Products Affected

Vendor Product Version
hitachi tuning_manager *
CVE-2023-6538

SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in Storage, Server or combined Server+Storage administrative roles are able to access SMU configuration backup, that would normally be barred to those specific administrative roles.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
security.vulnerabilities@hitachivantara.com 7.6 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L 2.8 4.7

Products Affected

Vendor Product Version
hitachi system_management_unit_firmware *
CVE-2024-0715

Expression Language Injection vulnerability in Hitachi Global Link Manager on Windows allows Code Injection.This issue affects Hitachi Global Link Manager: before 8.8.7-03.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
hirt@hitachi.co.jp 7.6 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H 2.8 4.7

Products Affected

Vendor Product Version
hitachi global_link_manager *
CVE-2024-21840

Incorrect Default Permissions vulnerability in Hitachi Storage Plug-in for VMware vCenter allows local users to read and write specific files. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.0.0 through 04.9.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
hirt@hitachi.co.jp 7.9 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L 2.0 5.3
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 1.8 5.2

Products Affected

Vendor Product Version
hitachi storage_plug-in *
CVE-2024-2819

Incorrect Default Permissions, Improper Preservation of Permissions vulnerability in Hitachi Ops Center Common Services allows File Manipulation.This issue affects Hitachi Ops Center Common Services: before 11.0.2-00.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
hirt@hitachi.co.jp 5.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 2.5 2.5

Products Affected

Vendor Product Version
hitachi ops_center_common_services *
CVE-2024-28982

Hitachi Vantara Pentaho Business Analytics Server versions before 10.1.0.0 and 9.3.0.7, including 8.3.x do not correctly protect the ACL service endpoint of the Pentaho User Console against XML External Entity Reference.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security.vulnerabilities@hitachivantara.com 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 2.8 4.2

Products Affected

Vendor Product Version
hitachi pentaho_business_analytics_server *
CVE-2024-28983

Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x allow a malicious URL to inject content into the Analyzer plugin interface.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security.vulnerabilities@hitachivantara.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L 2.8 5.3

Products Affected

Vendor Product Version
hitachi business_analytics_server *
CVE-2024-28984

Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x allow a malicious URL to inject content into the Analyzer plugin interface.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security.vulnerabilities@hitachivantara.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L 2.8 5.3

Products Affected

Vendor Product Version
hitachi pentaho_business_analytics_server *
CVE-2024-5828

Expression Language Injection vulnerability in Hitachi Tuning Manager on Windows, Linux, Solaris allows Code Injection.This issue affects Hitachi Tuning Manager: before 8.8.7-00.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
hirt@hitachi.co.jp 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H 3.9 4.7

Products Affected

Vendor Product Version
hitachi tuning_manager *
CVE-2024-7125

Authentication Bypass vulnerability in Hitachi Ops Center Common Services.This issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.2-01.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
hirt@hitachi.co.jp 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
hitachi ops_center_common_services *
CVE-2025-0976

Information Exposure Vulnerability in Hitachi Ops Center API Configuration Manager, Hitachi Configuration Manager.This issue affects Hitachi Ops Center API Configuration Manager: from 10.0.0-00 before 11.0.4-00; Hitachi Configuration Manager: from 8.6.1-00 before 11.0.5-00.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
hirt@hitachi.co.jp 4.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N 1.0 3.6

Products Affected

Vendor Product Version
hitachi ops_center_api_configuration_manager *
hitachi configuration_manager *
CVE-2025-5781

Information Exposure Vulnerability in Hitachi Ops Center API Configuration Manager, Hitachi Configuration Manager, Hitachi Device Manager allows Session Hijacking.This issue affects Hitachi Ops Center API Configuration Manager: from 10.0.0-00 before 11.0.5-00; Hitachi Configuration Manager: from 8.5.1-00 before 11.0.5-00; Hitachi Device Manager: from 8.4.1-00 before 8.6.5-00.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
hirt@hitachi.co.jp 5.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N 2.0 2.7

Products Affected

Vendor Product Version
hitachi device_manager *
hitachi ops_center_api_configuration_manager *
hitachi configuration_manager *
CVE-2025-65115

Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows.This issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
hirt@hitachi.co.jp 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
hitachi job_management_partner_1/it_desktop_management-manager *
hitachi jp1/it_desktop_management_2-operations_director *
hitachi jp1/netm/dm_manager *
hitachi jp1/it_desktop_management_2-manager *
hitachi jp1/netm/dm_client *
CVE-2025-65116

Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows.This issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
hirt@hitachi.co.jp 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
hitachi job_management_partner_1/it_desktop_management-manager *
hitachi jp1/it_desktop_management_2-operations_director *
hitachi jp1/netm/dm_manager *
hitachi jp1/it_desktop_management_2-manager *
hitachi jp1/netm/dm_client *