CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-2500
https://notcve.org/view.php?id=CVE-2025-2500
30 May 2025 — A vulnerability exists in the SOAP Web services of the Asset Suite versions listed below. If successfully exploited, an attacker could gain unauthorized access to the product and the time window of a possible password attack could be expanded. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000212&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-256: Plaintext Storage of a Password •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1484
https://notcve.org/view.php?id=CVE-2025-1484
30 May 2025 — A vulnerability exists in the media upload component of the Asset Suite versions listed below. If successfully exploited an attacker could impact the confidentiality or integrity of the system. An attacker can use this vulnerability to construct a request that will cause JavaScript code supplied by the attacker to execute within the user’s browser in the context of that user’s session with the application. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000212&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-184: Incomplete List of Disallowed Inputs •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-2244
https://notcve.org/view.php?id=CVE-2024-2244
27 Mar 2024 — REST service authentication anomaly with “valid username/no password” credential combination for batch job processing resulting in successful service invocation. The anomaly doesn’t exist with other credential combinations. Anomalía de autenticación del servicio REST con una combinación de credenciales de “nombre de usuario válido/sin contraseña” para el procesamiento de trabajos por lotes, lo que da como resultado una invocación exitosa del servicio. La anomalía no existe con otras combinaciones de credenc... • https://publisher.hitachienergy.com/preview?DocumentId=8DBD000195&languageCode=en&Preview=true • CWE-287: Improper Authentication •