
CVE-2024-5706 – Hitachi Vantara Pentaho Data Integration & Analytics - Improper Control of Resource Identifiers ('Resource Injection')
https://notcve.org/view.php?id=CVE-2024-5706
19 Feb 2025 — The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control. (CWE-99) Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.0 and 9.3.0.9, including 8.3.x, do not restrict JNDI identifiers during the creation of Community Dashboards, allowing control of system-level data sources. An attacker could gain access to or modify sensitive ... • https://support.pentaho.com/hc/en-us/articles/34296195570189--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Improper-Control-of-Resource-Identifiers-Resource-Injection-Versions-before-10-2-0-0-and-9-3-0-9-including-8-3-x-Impacted-CVE-2024-5706 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •

CVE-2024-57964 – Insecure Loading of Dynamic Link Libraries in HVAC Energy Saving Program
https://notcve.org/view.php?id=CVE-2024-57964
18 Feb 2025 — Insecure Loading of Dynamic Link Libraries has been discovered in HVAC Energy Saving Program, which could allow local attackers to potentially disclose information or execute arbitrary code on affected systems. This issue affects HVAC Energy Saving Program:. • https://www.hitachi.com/hirt/hitachi-sec/2025/001.html • CWE-427: Uncontrolled Search Path Element •

CVE-2024-57963 – Insecure Loading of Dynamic Link Libraries in USB-CONVERTERCABLE DRIVER
https://notcve.org/view.php?id=CVE-2024-57963
18 Feb 2025 — Insecure Loading of Dynamic Link Libraries has been discovered in USB-CONVERTERCABLE DRIVER, which could allow local attackers to potentially disclose information or execute arbitrary code on affected systems. This issue affects USB-CONVERTERCABLE DRIVER:. • https://www.hitachi.com/hirt/hitachi-sec/2025/001.html • CWE-427: Uncontrolled Search Path Element •

CVE-2024-10205 – Authorization bypass vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer
https://notcve.org/view.php?id=CVE-2024-10205
17 Dec 2024 — Authentication Bypass vulnerability in Hitachi Ops Center Analyzer on Linux, 64 bit (Hitachi Ops Center Analyzer detail view component), Hitachi Infrastructure Analytics Advisor on Linux, 64 bit (Hitachi Data Center Analytics component). This issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.3-00; Hitachi Infrastructure Analytics Advisor: from 2.1.0-00 through 4.4.0-00. • https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-151/index.html • CWE-306: Missing Authentication for Critical Function •

CVE-2024-45068 – Authentication credentials leakage vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center OVA
https://notcve.org/view.php?id=CVE-2024-45068
03 Dec 2024 — Authentication credentials leakage vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center OVA. This issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.3-00; Hitachi Ops Center OVA: from 10.9.3-00 before 11.0.2-01. • https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-149/index.html • CWE-1392: Use of Default Credentials •

CVE-2024-9929
https://notcve.org/view.php?id=CVE-2024-9929
26 Nov 2024 — A vulnerability exists in NSD570 that allows any authenticated user to access all device logs disclosing login information with timestamps. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000173&LanguageCode=en&DocumentPartId=&Action=launch • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •

CVE-2024-9928
https://notcve.org/view.php?id=CVE-2024-9928
26 Nov 2024 — A vulnerability exists in NSD570 login panel that does not restrict excessive authentication attempts. If exploited, this could cause account takeover and unauthorized access to the system when an attacker conducts brute-force attacks against the equipment login. Note that the system supports only one concurrent session and implements a delay of more than a second between failed login attempts making it difficult to automate the attacks. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000173&LanguageCode=en&DocumentPartId=&Action=launch • CWE-307: Improper Restriction of Excessive Authentication Attempts •

CVE-2024-41156
https://notcve.org/view.php?id=CVE-2024-41156
29 Oct 2024 — Profile files from TRO600 series radios are extracted in plain-text and encrypted file formats. Profile files provide potential attackers valuable configuration information about the Tropos network. Profiles can only be exported by authenticated users with write access. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000147&LanguageCode=en&DocumentPartId=&Action=launch • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •

CVE-2024-41153
https://notcve.org/view.php?id=CVE-2024-41153
29 Oct 2024 — Command injection vulnerability in the Edge Computing UI for the TRO600 series radios that allows for the execution of arbitrary system commands. If exploited, an attacker with write access to the web UI can execute commands on the device with root privileges, far more extensive than what the write privilege intends. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000147&LanguageCode=en&DocumentPartId=&Action=launch • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2024-45523
https://notcve.org/view.php?id=CVE-2024-45523
18 Sep 2024 — An issue was discovered in Bravura Security Fabric versions 12.3.x before 12.3.5.32784, 12.4.x before 12.4.3.35110, 12.5.x before 12.5.2.35950, 12.6.x before 12.6.2.37183, and 12.7.x before 12.7.1.38241. An unauthenticated attacker can cause a resource leak by issuing multiple failed login attempts through API SOAP. • https://www.bravurasecurity.com/cve-2024-45523-resource-leak-in-api-after-a-failed-login-attempt • CWE-307: Improper Restriction of Excessive Authentication Attempts •