CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-49107 – Generation of Error Message Containing Sensitive Information Vulnerability in Hitachi Device Manager
https://notcve.org/view.php?id=CVE-2023-49107
16 Jan 2024 — Generation of Error Message Containing Sensitive Information vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Agent modules).This issue affects Hitachi Device Manager: before 8.8.5-04. Vulnerabilidad de generación de mensaje de error que contiene información confidencial en Hitachi Device Manager en Windows, Linux (módulos Device Manager Agent). Este problema afecta a Hitachi Device Manager: versiones anteriores a 8.8.5-04. • https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-101/index.html • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-49106 – Missing Password Field Masking Vulnerability in Hitachi Device Manager
https://notcve.org/view.php?id=CVE-2023-49106
16 Jan 2024 — Missing Password Field Masking vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Agent component).This issue affects Hitachi Device Manager: before 8.8.5-04. Vulnerabilidad de enmascaramiento de campo de contraseña faltante en Hitachi Device Manager en Windows, Linux (componente Device Manager Agent). Este problema afecta a Hitachi Device Manager: versiones anteriores a 8.8.5-04. • https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-101/index.html • CWE-522: Insufficiently Protected Credentials CWE-549: Missing Password Field Masking •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-50916
https://notcve.org/view.php?id=CVE-2023-50916
10 Jan 2024 — Kyocera Device Manager before 3.1.1213.0 allows NTLM credential exposure during UNC path authentication via a crafted change from a local path to a UNC path. It allows administrators to configure the backup location of the database used by the application. Attempting to change this location to a UNC path via the GUI is rejected due to the use of a \ (backslash) character, which is supposed to be disallowed in a pathname. Intercepting and modifying this request via a proxy, or sending the request directly to... • https://www.kyoceradocumentsolutions.us/en/about-us/pr-and-award-certifications/press/kyocera-device-manager-cve-2023-50196-vulnerability-solution-update.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-34143 – Improper Validation of Certificate Vulnerability in Hitachi Device Manager
https://notcve.org/view.php?id=CVE-2023-34143
18 Jul 2023 — Improper Validation of Certificate with Host Mismatch vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows Man in the Middle Attack.This issue affects Hitachi Device Manager: before 8.8.5-02. • https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-125/index.html • CWE-295: Improper Certificate Validation CWE-297: Improper Validation of Certificate with Host Mismatch •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-34142 – Cleartext Transmission Vulnerability in Hitachi Device Manager
https://notcve.org/view.php?id=CVE-2023-34142
18 Jul 2023 — Cleartext Transmission of Sensitive Information vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows Interception.This issue affects Hitachi Device Manager: before 8.8.5-02. • https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-125/index.html • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2020-36695 – File and Directory Permission Vulnerability in Hitachi Command Suite
https://notcve.org/view.php?id=CVE-2020-36695
18 Jul 2023 — Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux (Device Manager Server component), Hitachi Tiered Storage Manager on Linux, Hitachi Replication Manager on Linux, Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS components), Hitachi Compute Systems Manager on Linux allows File Manipulation.This issue affects Hitachi Device Manager: before 8.8.5-02; Hitachi Tiered Storage Manager: befo... • https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-124/index.html • CWE-276: Incorrect Default Permissions •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-31989
https://notcve.org/view.php?id=CVE-2021-31989
25 Aug 2021 — A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manager application. The memory dump may potentially contain credentials of connected Axis devices. Un usuario con permiso para iniciar sesión en la máquina que aloja el cliente AXIS Device Manager podría en determinadas condiciones, extraer un volcado de memoria de la aplicación integrada Windows Task Manager. El volcado de memoria puede ... • https://www.axis.com/files/tech_notes/CVE-2021-31989.pdf • CWE-312: Cleartext Storage of Sensitive Information CWE-316: Cleartext Storage of Sensitive Information in Memory •
CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0CVE-2018-21032
https://notcve.org/view.php?id=CVE-2018-21032
14 Feb 2020 — A vulnerability in Hitachi Command Suite prior to 8.7.1-00 and Hitachi Automation Director prior to 8.5.0-00 allow authenticated remote users to expose technical information through error messages. Hitachi Command Suite includes Hitachi Device Manager and Hitachi Compute Systems Manager. Una vulnerabilidad en Hitachi Command Suite versiones anteriores a 8.7.1-00 y Hitachi Automation Director versiones anteriores a 8.5.0-00, permite a usuarios autenticados remotos exponer información técnica por medio de men... • http://www.hitachi.co.jp/Prod/comp/soft1/global/security • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 6.5EPSS: 0%CPEs: 24EXPL: 0CVE-2018-21033
https://notcve.org/view.php?id=CVE-2018-21033
14 Feb 2020 — A vulnerability in Hitachi Command Suite prior to 8.6.2-00, Hitachi Automation Director prior to 8.6.2-00 and Hitachi Infrastructure Analytics Advisor prior to 4.2.0-00 allow authenticated remote users to load an arbitrary Cascading Style Sheets (CSS) token sequence. Hitachi Command Suite includes Hitachi Device Manager, Hitachi Tiered Storage Manager, Hitachi Replication Manager, Hitachi Tuning Manager, Hitachi Global Link Manager and Hitachi Compute Systems Manager. Una vulnerabilidad en Hitachi Command S... • http://www.hitachi.co.jp/Prod/comp/soft1/global/security • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0CVE-2018-21026
https://notcve.org/view.php?id=CVE-2018-21026
12 Nov 2019 — A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.6.5-00 allows an unauthenticated remote user to read internal information. Una vulnerabilidad en Hitachi Command Suite versiones 7.x y versiones 8.x anteriores a 8.6.5-00, permite a un usuario remoto no autenticado leer información interna. • http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/index.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •