CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-28982 – Hitachi Vantara Pentaho Business Analytics Server - Improper Restriction of XML External Entity Reference
https://notcve.org/view.php?id=CVE-2024-28982
Hitachi Vantara Pentaho Business Analytics Server versions before 10.1.0.0 and 9.3.0.7, including 8.3.x do not correctly protect the ACL service endpoint of the Pentaho User Console against XML External Entity Reference. Las versiones de Hitachi Vantara Pentaho Business Analytics Server anteriores a 10.1.0.0 y 9.3.0.7, incluida 8.3.x, no protegen correctamente el endpoint del servicio ACL de Pentaho User Console contra la referencia de entidad externa XML. • https://support.pentaho.com/hc/en-us/articles/27569195609869--Resolved-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Improper-Restriction-of-XML-External-Entity-Reference-versions-before-10-1-0-0-and-9-3-0-7-including-8-3-x-Impacted-CVE-2024-28982 • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22385 – File and Directory Permission Vulnerability in Hitachi Storage Provider for VMware vCenter
https://notcve.org/view.php?id=CVE-2024-22385
Incorrect Default Permissions vulnerability in Hitachi Storage Provider for VMware vCenter allows local users to read and write specific files.This issue affects Hitachi Storage Provider for VMware vCenter: from 3.1.0 before 3.7.4. • https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-129/index.html • CWE-276: Incorrect Default Permissions •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-28022
https://notcve.org/view.php?id=CVE-2024-28022
A vulnerability exists in the FOXMAN-UN/UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to the targeted account. Existe una vulnerabilidad en el servidor/APIGateway de FOXMAN-UN/UNEM que, si se explota, permite a un usuario malintencionado realizar un número arbitrario de intentos de autenticación utilizando diferentes contraseñas y, finalmente, obtener acceso a la cuenta objetivo. A vulnerability exists in the UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to other components in the same security realm using the targeted account. • https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2024-2617
https://notcve.org/view.php?id=CVE-2024-2617
A vulnerability exists in the RTU500 that allows for authenticated and authorized users to bypass secure update. If a malicious actor successfully exploits this vulnerability, they could use it to update the RTU500 with unsigned firmware. Existe una vulnerabilidad en el RTU500 que permite a los usuarios autenticados y autorizados omitir la actualización segura. Si un actor malintencionado aprovecha con éxito esta vulnerabilidad, podría usarla para actualizar el RTU500 con firmware sin firmar. • https://publisher.hitachienergy.com/preview?DocumentId=8DBD000199&languageCode=en&Preview=true • CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 3CVE-2024-2377
https://notcve.org/view.php?id=CVE-2024-2377
A vulnerability exists in the too permissive HTTP response header web server settings of the SDM600. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information. Existe una vulnerabilidad en la configuración del servidor web del encabezado de respuesta HTTP demasiado permisiva del SDM600. Un atacante puede aprovechar esto y posiblemente realizar acciones privilegiadas y acceder a información confidencial. • https://github.com/Verrideo/CVE-2024-23774 https://github.com/Verrideo/CVE-2024-23773 https://github.com/Verrideo/CVE-2024-23772 https://publisher.hitachienergy.com/preview?DocumentId=8DBD000191&languageCode=en&Preview=true • CWE-346: Origin Validation Error •