CVE-2021-41573
https://notcve.org/view.php?id=CVE-2021-41573
Hitachi Content Platform Anywhere (HCP-AW) 4.4.5 and later allows information disclosure. The issue arises if an authenticated user created a link to a file or folder while the system was running version 4.3.x or earlier, shared the link, and later deleted the file or folder without deleting the link and before the link expired. If the system has been upgraded to version 4.4.5 or 4.5.0, a malicious user with the link could browse and download all files of the authenticated user who created the link.
• https://www.hitachi.com/hirt/hitachi-sec/2021/602.html https://www.hitachi.com/hirt/security/index.html
• CWE-552: Files or Directories Accessible to External Parties
CVE-2021-20740
https://notcve.org/view.php?id=CVE-2021-20740
Hitachi Virtual File Platform versions prior to 5.5.3-09 and versions prior to 6.4.3-09, and NEC Storage M Series NAS Gateway Nh4a/Nh8a versions prior to FOS 5.5.3-08(NEC2.5.4a) and Nh4b/Nh8b, Nh4c/Nh8c versions prior to FOS 6.4.3-08(NEC3.4.2) allow remote authenticated attackers to execute arbitrary OS commands with root privileges via unspecified vectors.
• https://jpn.nec.com/security-info/secinfo/nv21-011.html https://jvn.jp/en/jp/JVN21298724/index.html https://www.hitachi.co.jp/products/it/storage-solutions/global/sec_info/2021/2021_306.html
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-20741
https://notcve.org/view.php?id=CVE-2021-20741
Cross-site scripting vulnerability in Hitachi Application Server Help (Hitachi Application Server V10 Manual (Windows) version 10-11-01 and earlier and Hitachi Application Server V10 Manual (UNIX) version 10-11-01 and earlier) allows a remote attacker to inject an arbitrary script via unspecified vectors.
• https://jvn.jp/en/jp/JVN03776901/index.html https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2021-104
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3196
https://notcve.org/view.php?id=CVE-2021-3196
An issue was discovered in Hitachi ID Bravura Security Fabric 11.0.0 through 11.1.3, 12.0.0 through 12.0.2, and 12.1.0. When using federated identity management (authenticating via SAML through a third-party identity provider), an attacker can inject additional data into a signed SAML response being transmitted to the service provider (ID Bravura Security Fabric). The application successfully validates the signed values but uses the unsigned malicious values. An attacker with lower-privilege access to the application can inject the username of a high-privilege user to impersonate that user.
• https://www.hitachi-id.com/cve-2021-3196-attackers-can-impersonate-another-user https://www.hitachi.com/hirt/hitachi-sec/2021/601.html https://www.hitachi.com/hirt/security/index.html
• CWE-347: Improper Verification of Cryptographic Signature
CVE-2020-24666
https://notcve.org/view.php?id=CVE-2020-24666
The Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a stored cross-site scripting vulnerability, which allows authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Display Name' parameter. Remediated in >= 9.1.0.1.
• http://www.hitachi.com/hirt/hitachi-sec/2020/601.html https://www.accenture.com
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')