CVSS: 6.6EPSS: 0%CPEs: 7EXPL: 0CVE-2020-36605 – File Permissions Vulnerability in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer, Hitachi Ops Center Viewpoint
https://notcve.org/view.php?id=CVE-2020-36605
Incorrect Default Permissions vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00; Hitachi Ops Center Viewpoint: from 10.8.0-00 before 10.9.0-00. Vulnerabilidad de permisos predeterminados incorrectos en Hitachi Infrastructure Analytics Advisor en Linux (Analytics probe component), Hitachi Ops Center Analyzer en Linux (Analyzer probe component), Hitachi Ops Center Viewpoint en Linux (Viewpoint RAID Agent component) permite a los usuarios locales leer y escribir archivos específicos . Este problema afecta a Hitachi Infrastructure Analytics Advisor: desde 2.0.0-00 hasta 4.4.0-00; Hitachi Ops Center Analyzer: desde 10.0.0-00 antes de 10.9.0-00; Hitachi Ops Center Viewpoint: desde 10.8.0-00 antes de 10.9.0-00. • https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2022-134/index.html • CWE-276: Incorrect Default Permissions •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2637 – Privilege Escalation Vulnerability in Hitachi Storage Plug-in for VMware vCenter
https://notcve.org/view.php?id=CVE-2022-2637
Incorrect Privilege Assignment vulnerability in Hitachi Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation.This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.0. Una vulnerabilidad de Asignación Incorrecta de Privilegios en Hitachi Storage Plug-in for VMware vCenter permite a usuarios remotos autenticados causar una escalada de privilegios. Este problema afecta a: Hitachi Storage Plug-in for VMware vCenter versión 04.8.0 • https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2022-131/index.html • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-34883 – OS Command Injection Vulnerability in RAID Manager Storage Replication Adapter
https://notcve.org/view.php?id=CVE-2022-34883
OS Command Injection vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to execute arbitrary OS commands. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows; 02.05.00 versions prior to 02.05.01 on Windows and Docker. Una vulnerabilidad de inyección de comandos del Sistema Operativo en Hitachi RAID Manager Storage Replication Adapter permite a usuarios remotos autenticados ejecutar comandos arbitrarios del Sistema Operativo. Este problema afecta a: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versiones anteriores a 02.03.02 en Windows; 02.05.00 versiones anteriores a 02.05.01 en Windows y Docker. • https://www.hitachi.com/products/it/storage-solutions/sec_info/2022/2022_307.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0CVE-2022-34882 – Information Exposure Vulnerability in RAID Manager Storage Replication Adapter
https://notcve.org/view.php?id=CVE-2022-34882
Information Exposure Through an Error Message vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to gain sensitive information. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows; 02.05.00 versions prior to 02.05.01 on Windows and Docker. Una vulnerabilidad de Exposición de Información Mediante Mensajes de Error en Hitachi RAID Manager Storage Replication Adapter permite a usuarios remotos autenticados conseguir información confidencial. Este problema afecta a: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versiones anteriores a 02.03.02 en Windows; 02.05.00 versiones anteriores a 02.05.01 en Windows y Docker. • https://www.hitachi.com/products/it/storage-solutions/sec_info/2022/2022_307.html • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-37681
https://notcve.org/view.php?id=CVE-2022-37681
Hitachi Kokusai Electric Newtork products for monitoring system (Camera, Decoder and Encoder) and below allows attckers to perform a directory traversal via a crafted GET request to the endpoint /ptippage.cgi. Security information ID hitachi-sec-2022-001 contains fixes for the issue. Los productos Newtork de Hitachi Kokusai Electric para el sistema de monitorización (cámara, decodificador y codificador) y posteriores permiten que los atacantes realicen un recorrido de directorios a través de una solicitud GET manipulada al punto final /ptippage.cgi. La información de seguridad ID hitachi-sec-2022-001 contiene correcciones para el problema • https://gist.github.com/Nwqda/5efea18c9142c6a966d85c6be2c0c2b5 https://www.hitachi-kokusai.co.jp/global/en/products/info/vulnerable/hitachi-sec-2022-001/index.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •