CVE-2023-49106 – Missing Password Field Masking Vulnerability in Hitachi Device Manager
https://notcve.org/view.php?id=CVE-2023-49106
Missing Password Field Masking vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Agent component). This issue affects Hitachi Device Manager: before 8.8.5-04. • https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-101/index.html • CWE-522: Insufficiently Protected Credentials CWE-549: Missing Password Field Masking
CVE-2023-3517 – Hitachi Vantara Pentaho Data Integration & Analytics - Improper Control of Resource Identifiers ('Resource Injection')
https://notcve.org/view.php?id=CVE-2023-3517
Hitachi Vantara Pentaho Data Integration & Analytics versions before 9.5.0.1 and 9.3.0.5, including 8.3.x, do not restrict JNDI identifiers during the creation of XActions, allowing control of system level data sources. • https://support.pentaho.com/hc/en-us/articles/19668665099533 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection')
CVE-2023-6538 – System Management Unit (SMU) versions prior to 14.8.7825.01, used to manage Hitachi Vantara NAS products is susceptible to unintended information disclosure via unprivileged access to SMU configuration backup data.
https://notcve.org/view.php?id=CVE-2023-6538
SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure through URL manipulation. Authenticated users in Storage, Server or combined Server+Storage administrative roles are able to access the SMU configuration backup, which would normally be barred to those specific administrative roles. Hitachi NAS (HNAS) System Management Unit (SMU) version 14.8.7825 suffers from an information disclosure vulnerability. • https://www.exploit-db.com/exploits/51915 https://github.com/Arszilla/CVE-2023-6538 https://knowledge.hitachivantara.com/Security/System_Management_Unit_(SMU)_versions_prior_to_14.8.7825.01%2C_used_to_manage_Hitachi_Vantara_NAS_products_is_susceptible_to_unintended_information_disclosure_via_unprivileged_access_to_SMU_configuration_backup_data. • CWE-285: Improper Authorization
CVE-2023-5808 – System Management Unit (SMU) versions prior to 14.8.7825.01, used to manage Hitachi Vantara NAS products are susceptible to unintended information disclosure via unprivileged access to HNAS configuration backup and diagnostic data.
https://notcve.org/view.php?id=CVE-2023-5808
SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure through URL manipulation. Authenticated users in a Storage administrative role are able to access HNAS configuration backup and diagnostic data, which would normally be barred to that specific administrative role. Information disclosure in SMU in Hitachi Vantara HNAS 14.8.7825.01 on Windows allows authenticated users to download sensitive files via Insecure Direct Object Reference (IDOR). Hitachi NAS SMU Backup and Restore versions prior to 14.8.7825.01 suffer from an insecure direct object reference vulnerability. • https://github.com/Arszilla/CVE-2023-5808 https://knowledge.hitachivantara.com/Security/System_Management_Unit_(SMU)_versions_prior_to_14.8.7825.01%2C_used_to_manage_Hitachi_Vantara_NAS_products_are_susceptible_to_unintended_information_disclosure_via_unprivileged_access_to_HNAS_configuration_backup_and_diagnostic_data. • CWE-285: Improper Authorization CWE-287: Improper Authentication
CVE-2023-3440 – File and Directory Permission Vulnerability in JP1/Performance Management
https://notcve.org/view.php?id=CVE-2023-3440
Incorrect Default Permissions vulnerability in Hitachi JP1/Performance Management on Windows allows File Manipulation. This issue affects JP1/Performance Management - Manager: from 09-00 before 12-50-07; JP1/Performance Management - Base: from 09-00 through 10-50-*; JP1/Performance Management - Agent Option for Application Server: from 11-00 before 11-50-16; JP1/Performance Management - Agent Option for Enterprise Applications: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for HiRDB: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for IBM Lotus Domino: from 10-00 before 11-50-16; JP1/Performance Management - Agent Option for Microsoft(R) Exchange Server: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for Microsoft(R) Internet Information Server: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for Microsoft(R) SQL Server: from 09-00 before 12-50-07; JP1/Performance Management - Agent Option for Oracle: from 09-00 before 12-10-08; JP1/Performance Management - Agent Option for Platform: from 09-00 before 12-50-07; JP1/Performance Management - Agent Option for Service Response: from 09-00 before 11-50-16; JP1/Performance Management - Agent Option for Transaction System: from 11-00 before 12-00-14; JP1/Performance Management - Remote Monitor for Microsoft(R) SQL Server: from 09-00 before 12-50-07; JP1/Performance Management - Remote Monitor for Oracle: from 09-00 before 12-10-08; JP1/Performance Management - Remote Monitor for Platform: from 09-00 before 12-10-08; JP1/Performance Management - Remote Monitor for Virtual Machine: from 10-00 before 12-50-07; JP1/Performance Management - Agent Option for Domino: from 09-00 through 09-00-*; JP1/Performance Management - Agent Option for IBM WebSphere Application Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for IBM WebSphere MQ: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for JP1/AJS3: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for OpenTP1: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for Oracle WebLogic Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for uCosminexus Application Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for Virtual Machine: from 09-00 through 09-01-*. • https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-145/index.html • CWE-276: Incorrect Default Permissions