CVE-2022-4041 – Privilege Escalation Vulnerability in Hitachi Storage Plug-in for VMware vCenter
https://notcve.org/view.php?id=CVE-2022-4041
Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.1. • https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-103/index.html • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management CWE-287: Improper Authentication •
CVE-2020-36611 – File and Directory Permission Vulnerability in Hitachi Tuning Manager
https://notcve.org/view.php?id=CVE-2020-36611
Incorrect Default Permissions vulnerability in Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS, Hitachi Tuning Manager - Agent for SAN Switch components) allows local users to read and write specific files. This issue affects Hitachi Tuning Manager: before 8.8.5-00. • https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-101/index.html • CWE-276: Incorrect Default Permissions •
CVE-2021-4266 – Webdetails cpf DependenciesPackage.java cross site scripting
https://notcve.org/view.php?id=CVE-2021-4266
A vulnerability classified as problematic has been found in Webdetails cpf up to 9.5.0.0-80. Affected is an unknown function of the file core/src/main/java/pt/webdetails/cpf/packager/DependenciesPackage.java. The manipulation of the argument baseUrl leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 9.5.0.0-81 is able to address this issue. • https://github.com/siwapp/siwapp-ror/pull/365 https://github.com/webdetails/cpf/commit/3bff900d228e8cae3af256b447c5d15bdb03c174 https://github.com/webdetails/cpf/releases/tag/9.5.0.0-81 https://vuldb.com/?id.216468 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-707: Improper Neutralization •
CVE-2022-34881 – Information Exposure Vulnerability in JP1/Automatic Operation
https://notcve.org/view.php?id=CVE-2022-34881
Generation of Error Message Containing Sensitive Information vulnerability in Hitachi JP1/Automatic Operation allows local users to gain sensitive information. This issue affects JP1/Automatic Operation: from 10-00 through 10-54-03, from 11-00 before 11-51-09, from 12-00 before 12-60-01. • https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2022-140/index.html • CWE-209: Generation of Error Message Containing Sensitive Information •
CVE-2021-45448 – Pentaho Business Analytics Server - Pentaho Analyzer plugin exposes a service endpoint for templates which allows a user supplied path to access resources that are out of bounds.
https://notcve.org/view.php?id=CVE-2021-45448
Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 using the Pentaho Analyzer plugin expose a service endpoint for templates which allows a user-supplied path to access resources that are out of bounds. The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. By using special elements such as ".." and "/" separators, attackers can escape outside of the restricted location to access files or directories that are elsewhere on the system. • https://support.pentaho.com/hc/en-us/articles/6744743458701 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •