Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
222 vulnerabilities by hitachi
CVE-2025-7737 (GCVE-0-2025-7737)
Vulnerability from cvelistv5 – Published: 2026-06-19 05:13 – Updated: 2026-06-19 05:13
VLAI
Title
DoS Vulnerability in 10G iSCSI Interface of Hitachi Virtual Storage Platform
Summary
DoS Vulnerability in 10G iSCSI Interface of Hitachi Virtual Storage Platform.
This issue affects Hitachi Virtual Storage Platform E990, E1090, E1090H: before DKCMAIN Ver.93-07-21-80/00-05, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-01-80/00-07, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-82-80/00-06, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-63-80/00-04, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform E390, E590, E790, E390H, E590H, E790H: before DKCMAIN Ver.93-07-21-x0/00-05, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-01-x0/00-07, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-82-x0/00-06, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-63-x0/00-04, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-24-x0/00-02, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-02-x0/00-02, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900: before DKCMAIN Ver.88-08-10-x0/00-05, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform G100, G200, G400, G600, G800, F400, F600, F800: before DKCMAIN Ver.83-06-20-x0/00-05, CHB(iSCSI) Ver.83-01-01-29; Hitachi Virtual Storage Platform VX8, 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H: before DKCMAIN Ver.90-09-01-00/01-01, CHB(iSCSI) Ver.90-01-01-07, before DKCMAIN Ver.90-08-83-00/01-01, CHB(iSCSI) Ver.90-01-01-07, before DKCMAIN Ver.90-08-63-00/01-01, CHB(iSCSI) Ver.90-01-01-07; Hitachi Virtual Storage Platform VX7, G1000, G1500, F1500: before DKCMAIN Ver.80-06-93-00/00-04, ISFC Ver.80-01-17.
Severity
8.6 (High)
CWE
- CWE-770 - Allocation of resources without limits or throttling
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.hitachi.com/products/it/storage-solut… | vendor-advisory |
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi | Hitachi Virtual Storage Platform E990, E1090, E1090H |
Affected:
0 , < DKCMAIN Ver.93-07-21-80/00-05, CHB(iSCSI) Ver.88-01-02-04
(custom)
Affected: 0 , < DKCMAIN Ver.93-07-01-80/00-07, CHB(iSCSI) Ver.88-01-02-04 (custom) Affected: 0 , < DKCMAIN Ver.93-06-82-80/00-06, CHB(iSCSI) Ver.88-01-02-04 (custom) Affected: 0 , < DKCMAIN Ver.93-06-63-80/00-04, CHB(iSCSI) Ver.88-01-02-04 (custom) |
|
| Hitachi | Hitachi Virtual Storage Platform E390, E590, E790, E390H, E590H, E790H |
Affected:
0 , < DKCMAIN Ver.93-07-21-x0/00-05, CHB(iSCSI) Ver.88-01-02-04
(custom)
Affected: 0 , < DKCMAIN Ver.93-07-01-x0/00-07, CHB(iSCSI) Ver.88-01-02-04 (custom) Affected: 0 , < DKCMAIN Ver.93-06-82-x0/00-06, CHB(iSCSI) Ver.88-01-02-04 (custom) Affected: 0 , < DKCMAIN Ver.93-06-63-x0/00-04, CHB(iSCSI) Ver.88-01-02-04 (custom) Affected: 0 , < DKCMAIN Ver.93-07-24-x0/00-02, CHB(iSCSI) Ver.88-01-02-04 (custom) Affected: 0 , < DKCMAIN Ver.93-07-02-x0/00-02, CHB(iSCSI) Ver.88-01-02-04 (customDKCMAIN Ver.93-07-02-x0/00-02, CHB(iSCSI) Ver.88-01-02-04) |
|
| Hitachi | Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900 |
Affected:
0 , < DKCMAIN Ver.88-08-10-x0/00-05, CHB(iSCSI) Ver.88-01-02-04
(custom)
|
|
| Hitachi | Hitachi Virtual Storage Platform G100, G200, G400, G600, G800, F400, F600, F800 |
Affected:
0 , < DKCMAIN Ver.83-06-20-x0/00-05, CHB(iSCSI) Ver.83-01-01-29
(custom)
|
|
| Hitachi | Hitachi Virtual Storage Platform VX8, 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H |
Affected:
0 , < DKCMAIN Ver.90-09-01-00/01-01, CHB(iSCSI) Ver.90-01-01-07
(custom)
Affected: 0 , < DKCMAIN Ver.90-08-83-00/01-01, CHB(iSCSI) Ver.90-01-01-07 (custom) Affected: 0 , < DKCMAIN Ver.90-08-63-00/01-01, CHB(iSCSI) Ver.90-01-01-07 (custom) |
|
| Hitachi | Hitachi Virtual Storage Platform VX7, G1000, G1500, F1500 |
Affected:
0 , < DKCMAIN Ver.80-06-93-00/00-04, ISFC Ver.80-01-17
(custom)
|
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform E990, E1090, E1090H",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver.93-07-21-80/00-05, CHB(iSCSI) Ver.88-01-02-04",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver.93-07-21-80/00-05, CHB(iSCSI) Ver.88-01-02-04",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver.93-07-01-80/00-07, CHB(iSCSI) Ver.88-01-02-04",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver.93-07-01-80/00-07, CHB(iSCSI) Ver.88-01-02-04",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver.93-06-82-80/00-06, CHB(iSCSI) Ver.88-01-02-04",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver.93-06-82-80/00-06, CHB(iSCSI) Ver.88-01-02-04",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver.93-06-63-80/00-04, CHB(iSCSI) Ver.88-01-02-04",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver.93-06-63-80/00-04, CHB(iSCSI) Ver.88-01-02-04",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform E390, E590, E790, E390H, E590H, E790H",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver.93-07-21-x0/00-05, CHB(iSCSI) Ver.88-01-02-04",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver.93-07-21-x0/00-05, CHB(iSCSI) Ver.88-01-02-04",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver.93-07-01-x0/00-07, CHB(iSCSI) Ver.88-01-02-04",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver.93-07-01-x0/00-07, CHB(iSCSI) Ver.88-01-02-04",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver.93-06-82-x0/00-06, CHB(iSCSI) Ver.88-01-02-04",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver.93-06-82-x0/00-06, CHB(iSCSI) Ver.88-01-02-04",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver.93-06-63-x0/00-04, CHB(iSCSI) Ver.88-01-02-04",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver.93-06-63-x0/00-04, CHB(iSCSI) Ver.88-01-02-04",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver.93-07-24-x0/00-02, CHB(iSCSI) Ver.88-01-02-04",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver.93-07-24-x0/00-02, CHB(iSCSI) Ver.88-01-02-04",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver.93-07-02-x0/00-02, CHB(iSCSI) Ver.88-01-02-04",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver.93-07-02-x0/00-02, CHB(iSCSI) Ver.88-01-02-04",
"status": "affected",
"version": "0",
"versionType": "customDKCMAIN Ver.93-07-02-x0/00-02, CHB(iSCSI) Ver.88-01-02-04"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver.88-08-10-x0/00-05, CHB(iSCSI) Ver.88-01-02-04",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver.88-08-10-x0/00-05, CHB(iSCSI) Ver.88-01-02-04",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform G100, G200, G400, G600, G800, F400, F600, F800",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver.83-06-20-x0/00-05, CHB(iSCSI) Ver.83-01-01-29",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver.83-06-20-x0/00-05, CHB(iSCSI) Ver.83-01-01-29",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform VX8, 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver.90-09-01-00/01-01, CHB(iSCSI) Ver.90-01-01-07",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver.90-09-01-00/01-01, CHB(iSCSI) Ver.90-01-01-07",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver.90-08-83-00/01-01, CHB(iSCSI) Ver.90-01-01-07",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver.90-08-83-00/01-01, CHB(iSCSI) Ver.90-01-01-07",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver.90-08-63-00/01-01, CHB(iSCSI) Ver.90-01-01-07",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver.90-08-63-00/01-01, CHB(iSCSI) Ver.90-01-01-07",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform VX7, G1000, G1500, F1500",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver.80-06-93-00/00-04, ISFC Ver.80-01-17",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver.80-06-93-00/00-04, ISFC Ver.80-01-17",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eDoS Vulnerability in 10G iSCSI Interface of Hitachi Virtual Storage Platform.\u003c/div\u003e\u003cp\u003eThis issue affects Hitachi Virtual Storage Platform E990, E1090, E1090H: before DKCMAIN Ver.93-07-21-80/00-05, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-01-80/00-07, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-82-80/00-06, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-63-80/00-04, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform E390, E590, E790, E390H, E590H, E790H: before DKCMAIN Ver.93-07-21-x0/00-05, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-01-x0/00-07, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-82-x0/00-06, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-63-x0/00-04, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-24-x0/00-02, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-02-x0/00-02, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900: before DKCMAIN Ver.88-08-10-x0/00-05, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform G100, G200, G400, G600, G800, F400, F600, F800: before DKCMAIN Ver.83-06-20-x0/00-05, CHB(iSCSI) Ver.83-01-01-29; Hitachi Virtual Storage Platform VX8, 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H: before DKCMAIN Ver.90-09-01-00/01-01, CHB(iSCSI) Ver.90-01-01-07, before DKCMAIN Ver.90-08-83-00/01-01, CHB(iSCSI) Ver.90-01-01-07, before DKCMAIN Ver.90-08-63-00/01-01, CHB(iSCSI) Ver.90-01-01-07; Hitachi Virtual Storage Platform VX7, G1000, G1500, F1500: before DKCMAIN Ver.80-06-93-00/00-04, ISFC Ver.80-01-17.\u003c/p\u003e"
}
],
"value": "DoS Vulnerability in 10G iSCSI Interface of Hitachi Virtual Storage Platform.\n\n\n\nThis issue affects Hitachi Virtual Storage Platform E990, E1090, E1090H: before DKCMAIN Ver.93-07-21-80/00-05, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-01-80/00-07, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-82-80/00-06, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-63-80/00-04, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform E390, E590, E790, E390H, E590H, E790H: before DKCMAIN Ver.93-07-21-x0/00-05, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-01-x0/00-07, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-82-x0/00-06, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-63-x0/00-04, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-24-x0/00-02, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-02-x0/00-02, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900: before DKCMAIN Ver.88-08-10-x0/00-05, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform G100, G200, G400, G600, G800, F400, F600, F800: before DKCMAIN Ver.83-06-20-x0/00-05, CHB(iSCSI) Ver.83-01-01-29; Hitachi Virtual Storage Platform VX8, 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H: before DKCMAIN Ver.90-09-01-00/01-01, CHB(iSCSI) Ver.90-01-01-07, before DKCMAIN Ver.90-08-83-00/01-01, CHB(iSCSI) Ver.90-01-01-07, before DKCMAIN Ver.90-08-63-00/01-01, CHB(iSCSI) Ver.90-01-01-07; Hitachi Virtual Storage Platform VX7, G1000, G1500, F1500: before DKCMAIN Ver.80-06-93-00/00-04, ISFC Ver.80-01-17."
}
],
"impacts": [
{
"capecId": "CAPEC-482",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-482 TCP Flood"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of resources without limits or throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-19T05:13:38.611Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_312.html"
}
],
"source": {
"advisory": "hitachi-sec-2026-312",
"discovery": "UNKNOWN"
},
"title": "DoS Vulnerability in 10G iSCSI Interface of Hitachi Virtual Storage Platform",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2025-7737",
"datePublished": "2026-06-19T05:13:38.611Z",
"dateReserved": "2025-07-17T05:09:06.792Z",
"dateUpdated": "2026-06-19T05:13:38.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3314 (GCVE-0-2026-3314)
Vulnerability from cvelistv5 – Published: 2026-05-26 05:57 – Updated: 2026-05-26 12:22
VLAI
Title
Missing Password Masking in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer and Hitachi Ops Center Analyzer viewpoint
Summary
Missing password field masking vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe modules), Hitachi Ops Center Analyzer viewpoint, Hitachi Infrastructure Analytics Advisor (Data Center Analytics, Analytics probe modules).
This issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.8-00; Hitachi Ops Center Analyzer viewpoint: from 10.8.1-00 before 11.0.8-00; Hitachi Infrastructure Analytics Advisor: from 3.2.0-00 before 11.0.8-00.
Severity
4.6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-549 - Missing password field masking
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.hitachi.com/products/it/software/secu… | vendor-advisory |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi | Hitachi Ops Center Analyzer |
Affected:
10.0.0-00 , < 11.0.8-00
(custom)
|
|
| Hitachi | Hitachi Ops Center Analyzer viewpoint |
Affected:
10.8.1-00 , < 11.0.8-00
(custom)
|
|
| Hitachi | Hitachi Infrastructure Analytics Advisor |
Affected:
3.2.0-00 , < 11.0.8-00
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3314",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-26T12:21:39.028766Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T12:22:47.157Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Hitachi Ops Center Analyzer detail view",
"Hitachi Ops Center Analyzer probe"
],
"platforms": [
"Linux",
"64 bit"
],
"product": "Hitachi Ops Center Analyzer",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "11.0.8-00",
"status": "unaffected"
}
],
"lessThan": "11.0.8-00",
"status": "affected",
"version": "10.0.0-00",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux",
"64 bit"
],
"product": "Hitachi Ops Center Analyzer viewpoint",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "11.0.8-00",
"status": "unaffected"
}
],
"lessThan": "11.0.8-00",
"status": "affected",
"version": "10.8.1-00",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Data Center Analytics",
"Analytics probe"
],
"platforms": [
"Linux",
"64 bit"
],
"product": "Hitachi Infrastructure Analytics Advisor",
"vendor": "Hitachi",
"versions": [
{
"lessThan": "11.0.8-00",
"status": "affected",
"version": "3.2.0-00",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing password field masking vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe modules), Hitachi Ops Center Analyzer viewpoint, Hitachi Infrastructure Analytics Advisor (Data Center Analytics, Analytics probe modules).\u003cp\u003eThis issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.8-00; Hitachi Ops Center Analyzer viewpoint: from 10.8.1-00 before 11.0.8-00; Hitachi Infrastructure Analytics Advisor: from 3.2.0-00 before 11.0.8-00.\u003c/p\u003e"
}
],
"value": "Missing password field masking vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe modules), Hitachi Ops Center Analyzer viewpoint, Hitachi Infrastructure Analytics Advisor (Data Center Analytics, Analytics probe modules).\n\nThis issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.8-00; Hitachi Ops Center Analyzer viewpoint: from 10.8.1-00 before 11.0.8-00; Hitachi Infrastructure Analytics Advisor: from 3.2.0-00 before 11.0.8-00."
}
],
"impacts": [
{
"capecId": "CAPEC-555",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-555 Remote Services with Stolen Credentials"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-549",
"description": "CWE-549 Missing password field masking",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T05:57:09.752Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2026-120/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2026-120",
"discovery": "UNKNOWN"
},
"title": "Missing Password Masking in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer and Hitachi Ops Center Analyzer viewpoint",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2026-3314",
"datePublished": "2026-05-26T05:57:09.752Z",
"dateReserved": "2026-02-27T06:34:14.106Z",
"dateUpdated": "2026-05-26T12:22:47.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11159 (GCVE-0-2025-11159)
Vulnerability from cvelistv5 – Published: 2026-05-13 05:36 – Updated: 2026-05-13 14:44
VLAI
Title
Hitachi Vantara Pentaho Data Integration & Analytics - Dependency on Vulnerable Third-Party Component
Summary
Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data source administrator.
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-1395 - Dependency on Vulnerable Third-Party Component
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi Vantara | Pentaho Data Integration and Analytics |
Affected:
1.0 , < 10.2.0.7
(maven)
Affected: 1.0 , < 11.0 (maven) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11159",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-13T14:44:30.743315Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T14:44:36.235Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pentaho Data Integration and Analytics",
"vendor": "Hitachi Vantara",
"versions": [
{
"lessThan": "10.2.0.7",
"status": "affected",
"version": "1.0",
"versionType": "maven"
},
{
"lessThan": "11.0",
"status": "affected",
"version": "1.0",
"versionType": "maven"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nir Zadok (nirza) and Moshe Siman Tov Bustan from OX Security"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Hitachi Vantara Pentaho Data Integration \u0026amp; Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a\u0026nbsp;data source administrator."
}
],
"value": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a\u00a0data source administrator."
}
],
"impacts": [
{
"capecId": "CAPEC-310",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-310 Scanning for Vulnerable Software"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1395",
"description": "CWE-1395: Dependency on Vulnerable Third-Party Component",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T05:36:43.720Z",
"orgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
"shortName": "HITVAN"
},
"references": [
{
"url": "https://support.pentaho.com/hc/en-us/articles/39954640408077--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Dependency-on-Vulnerable-Third-Party-Component-Versions-before-10-2-0-7-and-11-0-0-0-Impacted-CVE-2025-11159"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics - Dependency on Vulnerable Third-Party Component",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
"assignerShortName": "HITVAN",
"cveId": "CVE-2025-11159",
"datePublished": "2026-05-13T05:36:43.720Z",
"dateReserved": "2025-09-29T14:53:44.917Z",
"dateUpdated": "2026-05-13T14:44:36.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-1978 (GCVE-0-2025-1978)
Vulnerability from cvelistv5 – Published: 2026-05-07 08:05 – Updated: 2026-05-07 13:40
VLAI
Title
Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console
Summary
Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28.
This issue affects Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28 : before DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00, before DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00, before DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00, before DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00, before DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00.
Severity
8.3 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi | Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900 |
Affected:
0 , < DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00
(custom)
Affected: 0 , < DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00 (custom) Affected: 0 , < DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00 (custom) Affected: 0 , < DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00 (custom) Affected: 0 , < DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00 (custom) |
|
| Hitachi | Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H |
Affected:
0 , < DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00
(custom)
Affected: 0 , < DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00 (custom) Affected: 0 , < DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00 (custom) Affected: 0 , < DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00 (custom) Affected: 0 , < DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00 (custom) |
|
| Hitachi | Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28 |
Affected:
0 , < DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00
(custom)
Affected: 0 , < DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00 (custom) Affected: 0 , < DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00 (custom) Affected: 0 , < DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00 (custom) Affected: 0 , < DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00 (custom) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1978",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-07T13:39:55.440215Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T13:40:00.385Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thomas Josef Riedmaier, Siemens Energy."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28.\u003cp\u003eThis issue affects Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900,\u0026nbsp;Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28\u0026nbsp; : before DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00, before DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00, before DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00, before DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00, before DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00\u003cspan\u003e.\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28.\n\nThis issue affects Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900,\u00a0Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28\u00a0 : before DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00, before DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00, before DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00, before DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00, before DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T08:05:42.743Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"url": "https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_307.html"
}
],
"source": {
"advisory": "hitachi-sec-2026-307",
"discovery": "EXTERNAL"
},
"title": "Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2025-1978",
"datePublished": "2026-05-07T08:05:42.743Z",
"dateReserved": "2025-03-05T03:18:02.426Z",
"dateUpdated": "2026-05-07T13:40:00.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-2514 (GCVE-0-2025-2514)
Vulnerability from cvelistv5 – Published: 2026-05-07 07:30 – Updated: 2026-05-07 13:41
VLAI
Title
Improper Restriction of Excessive Authentication Attempts vulnerability in Hitachi Virtual Storage Platform
Summary
Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28.
This issue affects Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28 : before DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00, before DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00, before DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00, before DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00, before DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-307 - Improper restriction of excessive authentication attempts
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi | Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900 |
Affected:
0 , < DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00
(custom)
Affected: 0 , < DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00 (custom) Affected: 0 , < DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00 (custom) Affected: 0 , < DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00 (custom) Affected: 0 , < DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00 (custom) |
|
| Hitachi | Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H |
Affected:
0 , < DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00
(custom)
Affected: 0 , < DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00 (custom) Affected: 0 , < DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00 (custom) Affected: 0 , < DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00 (custom) Affected: 0 , < DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00 (custom) |
|
| Hitachi | Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28 |
Affected:
0 , < DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00
(custom)
Affected: 0 , < DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00 (custom) Affected: 0 , < DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00 (custom) Affected: 0 , < DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00 (custom) Affected: 0 , < DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2514",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-07T13:41:07.277696Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T13:41:12.214Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28.\u003cp\u003eThis issue affects Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900,\u0026nbsp;Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28\u0026nbsp; : before DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00, before DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00, before DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00, before DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00, before DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00.\u003c/p\u003e"
}
],
"value": "Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28.\n\nThis issue affects Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900,\u00a0Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28\u00a0 : before DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00, before DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00, before DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00, before DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00, before DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00."
}
],
"impacts": [
{
"capecId": "CAPEC-49",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-49 Password Brute Forcing"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "CWE-307 Improper restriction of excessive authentication attempts",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T07:30:28.144Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"url": "https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_306.html"
}
],
"source": {
"advisory": "hitachi-sec-2026-306",
"discovery": "UNKNOWN"
},
"title": "Improper Restriction of Excessive Authentication Attempts vulnerability in Hitachi Virtual Storage Platform",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2025-2514",
"datePublished": "2026-05-07T07:30:28.144Z",
"dateReserved": "2025-03-19T01:13:12.468Z",
"dateUpdated": "2026-05-07T13:41:12.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-9661 (GCVE-0-2025-9661)
Vulnerability from cvelistv5 – Published: 2026-05-07 07:08 – Updated: 2026-05-07 13:02
VLAI
Title
OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23/24/26/28
Summary
OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28.
This issue affects Hitachi Virtual Storage Platform One Block 23/24/26/28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00.
Severity
8.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper neutralization of special elements used in an OS command ('OS command injection')
Assigner
References
1 reference
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi | Hitachi Virtual Storage Platform One Block 23 |
Affected:
0 , < DKCMAIN A3-04-21-40/00, ESM A3-04-21/00
(custom)
|
|
| Hitachi | Hitachi Virtual Storage Platform One Block 24 |
Affected:
0 , < DKCMAIN A3-04-21-40/00, ESM A3-04-21/00
(custom)
|
|
| Hitachi | Hitachi Virtual Storage Platform One Block 26 |
Affected:
0 , < DKCMAIN A3-04-21-40/00, ESM A3-04-21/00
(custom)
|
|
| Hitachi | Hitachi Virtual Storage Platform One Block 28 |
Affected:
0 , < DKCMAIN A3-04-21-40/00, ESM A3-04-21/00
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9661",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-07T13:02:14.993613Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T13:02:35.204Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform One Block 23",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform One Block 24",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform One Block 26",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hitachi Virtual Storage Platform One Block 28",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
"status": "unaffected"
}
],
"lessThan": "DKCMAIN A3-04-21-40/00, ESM A3-04-21/00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eOS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28.\u003c/div\u003e\u003cdiv\u003e\u003cspan\u003eThis issue affects Hitachi Virtual Storage Platform One Block 23/24/26/28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00.\u003c/span\u003e\u003c/div\u003e"
}
],
"value": "OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28.\n\nThis issue affects Hitachi Virtual Storage Platform One Block 23/24/26/28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper neutralization of special elements used in an OS command (\u0027OS command injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T07:08:14.823Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"url": "https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_309.html"
}
],
"source": {
"advisory": "hitachi-sec-2026-309",
"discovery": "UNKNOWN"
},
"title": "OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23/24/26/28",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2025-9661",
"datePublished": "2026-05-07T07:08:14.823Z",
"dateReserved": "2025-08-29T07:14:42.691Z",
"dateUpdated": "2026-05-07T13:02:35.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-65116 (GCVE-0-2025-65116)
Vulnerability from cvelistv5 – Published: 2026-04-07 05:43 – Updated: 2026-04-07 13:25
VLAI
Title
Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 and JP1/NETM/DM
Summary
Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows.This issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-763 - Release of invalid pointer or reference
Assigner
References
1 reference
Impacted products
9 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi | JP1/IT Desktop Management 2 - Manager |
Affected:
13-50 , < 13-50-02
(custom)
Affected: 13-11 , < 13-11-04 (custom) Affected: 13-10 , < 13-10-07 (custom) Affected: 13-01 , < 13-01-07 (custom) Affected: 13-00 , < 13-00-05 (custom) Affected: 12-60 , < 12-60-12 (custom) Affected: 10-50 , ≤ 12-50-11 (custom) |
|
| Hitachi | JP1/IT Desktop Management 2 - Operations Director |
Affected:
13-50 , < 13-50-02
(custom)
Affected: 13-11 , < 13-11-04 (custom) Affected: 13-10 , < 13-10-07 (custom) Affected: 13-01 , < 13-01-07 (custom) Affected: 13-00 , < 13-00-05 (custom) Affected: 12-60 , < 12-60-12 (custom) Affected: 10-50 , ≤ 12-50-11 (custom) |
|
| Hitachi | Job Management Partner 1/IT Desktop Management 2 - Manager |
Affected:
10-50 , ≤ 10-50-11
(custom)
|
|
| Hitachi | JP1/IT Desktop Management - Manager |
Affected:
09-50 , ≤ 10-10-16
(custom)
|
|
| Hitachi | Job Management Partner 1/IT Desktop Management - Manager |
Affected:
09-50 , ≤ 10-10-16
(custom)
|
|
| Hitachi | JP1/NETM/DM Manager |
Affected:
09-00 , ≤ 10-20-02
(custom)
|
|
| Hitachi | JP1/NETM/DM Client |
Affected:
09-00 , ≤ 10-20-02
(custom)
|
|
| Hitachi | Job Management Partner 1/Software Distribution Manager |
Affected:
09-00 , ≤ 09-51-13
(custom)
|
|
| Hitachi | Job Management Partner 1/Software Distribution Client |
Affected:
09-00 , ≤ 09-51-13
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-65116",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-07T13:25:49.919013Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T13:25:56.036Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "JP1/IT Desktop Management 2 - Manager",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "13-50-02",
"status": "unaffected"
}
],
"lessThan": "13-50-02",
"status": "affected",
"version": "13-50",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-11-04",
"status": "unaffected"
}
],
"lessThan": "13-11-04",
"status": "affected",
"version": "13-11",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-10-07",
"status": "unaffected"
}
],
"lessThan": "13-10-07",
"status": "affected",
"version": "13-10",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-01-07",
"status": "unaffected"
}
],
"lessThan": "13-01-07",
"status": "affected",
"version": "13-01",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-00-05",
"status": "unaffected"
}
],
"lessThan": "13-00-05",
"status": "affected",
"version": "13-00",
"versionType": "custom"
},
{
"changes": [
{
"at": "12-60-12",
"status": "unaffected"
}
],
"lessThan": "12-60-12",
"status": "affected",
"version": "12-60",
"versionType": "custom"
},
{
"lessThanOrEqual": "12-50-11",
"status": "affected",
"version": "10-50",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "JP1/IT Desktop Management 2 - Operations Director",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "13-50-02",
"status": "unaffected"
}
],
"lessThan": "13-50-02",
"status": "affected",
"version": "13-50",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-11-04",
"status": "unaffected"
}
],
"lessThan": "13-11-04",
"status": "affected",
"version": "13-11",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-10-07",
"status": "unaffected"
}
],
"lessThan": "13-10-07",
"status": "affected",
"version": "13-10",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-01-07",
"status": "unaffected"
}
],
"lessThan": "13-01-07",
"status": "affected",
"version": "13-01",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-00-05",
"status": "unaffected"
}
],
"lessThan": "13-00-05",
"status": "affected",
"version": "13-00",
"versionType": "custom"
},
{
"changes": [
{
"at": "12-60-12",
"status": "unaffected"
}
],
"lessThan": "12-60-12",
"status": "affected",
"version": "12-60",
"versionType": "custom"
},
{
"lessThanOrEqual": "12-50-11",
"status": "affected",
"version": "10-50",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Job Management Partner 1/IT Desktop Management 2 - Manager",
"vendor": "Hitachi",
"versions": [
{
"lessThanOrEqual": "10-50-11",
"status": "affected",
"version": "10-50",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "JP1/IT Desktop Management - Manager",
"vendor": "Hitachi",
"versions": [
{
"lessThanOrEqual": "10-10-16",
"status": "affected",
"version": "09-50",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Job Management Partner 1/IT Desktop Management - Manager",
"vendor": "Hitachi",
"versions": [
{
"lessThanOrEqual": "10-10-16",
"status": "affected",
"version": "09-50",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "JP1/NETM/DM Manager",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "10-30",
"status": "unaffected"
}
],
"lessThanOrEqual": "10-20-02",
"status": "affected",
"version": "09-00",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "JP1/NETM/DM Client",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "10-30",
"status": "unaffected"
}
],
"lessThanOrEqual": "10-20-02",
"status": "affected",
"version": "09-00",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Job Management Partner 1/Software Distribution Manager",
"vendor": "Hitachi",
"versions": [
{
"lessThanOrEqual": "09-51-13",
"status": "affected",
"version": "09-00",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Job Management Partner 1/Software Distribution Client",
"vendor": "Hitachi",
"versions": [
{
"lessThanOrEqual": "09-51-13",
"status": "affected",
"version": "09-00",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ruslan Sayfiev"
},
{
"lang": "en",
"type": "finder",
"value": "Denis Faiustov"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows.\u003cp\u003eThis issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13.\u003c/p\u003e"
}
],
"value": "Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows.This issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-763",
"description": "CWE-763 Release of invalid pointer or reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T05:43:25.553Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2026-118/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2026-118",
"discovery": "EXTERNAL"
},
"title": "Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 and JP1/NETM/DM",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2025-65116",
"datePublished": "2026-04-07T05:43:25.553Z",
"dateReserved": "2025-11-18T01:27:41.899Z",
"dateUpdated": "2026-04-07T13:25:56.036Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-65115 (GCVE-0-2025-65115)
Vulnerability from cvelistv5 – Published: 2026-04-07 05:19 – Updated: 2026-04-07 13:26
VLAI
Title
Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 and JP1/NETM/DM
Summary
Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows.This issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-73 - External control of file name or path
Assigner
References
1 reference
Impacted products
9 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi | JP1/IT Desktop Management 2 - Manager |
Affected:
13-50 , < 13-50-02
(custom)
Affected: 13-11 , < 13-11-04 (custom) Affected: 13-10 , < 13-10-07 (custom) Affected: 13-01 , < 13-01-07 (custom) Affected: 13-00 , < 13-00-05 (custom) Affected: 12-60 , < 12-60-12 (custom) Affected: 10-50 , ≤ 12-50-11 (custom) |
|
| Hitachi | JP1/IT Desktop Management 2 - Operations Director |
Affected:
13-50 , < 13-50-02
(custom)
Affected: 13-11 , < 13-11-04 (custom) Affected: 13-10 , < 13-10-07 (custom) Affected: 13-01 , < 13-01-07 (custom) Affected: 13-00 , < 13-00-05 (custom) Affected: 12-60 , < 12-60-12 (custom) Affected: 10-50 , ≤ 12-50-11 (custom) |
|
| Hitachi | Job Management Partner 1/IT Desktop Management 2 - Manager |
Affected:
10-50 , ≤ 10-50-11
(custom)
|
|
| Hitachi | JP1/IT Desktop Management - Manager |
Affected:
09-50 , ≤ 10-10-16
(custom)
|
|
| Hitachi | Job Management Partner 1/IT Desktop Management - Manager |
Affected:
09-50 , ≤ 10-10-16
(custom)
|
|
| Hitachi | JP1/NETM/DM Manager |
Affected:
09-00 , ≤ 10-20-02
(custom)
|
|
| Hitachi | JP1/NETM/DM Client |
Affected:
09-00 , ≤ 10-20-02
(custom)
|
|
| Hitachi | Job Management Partner 1/Software Distribution Manager |
Affected:
09-00 , ≤ 09-51-13
(custom)
|
|
| Hitachi | Job Management Partner 1/Software Distribution Client |
Affected:
09-00 , ≤ 09-51-13
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-65115",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-07T13:26:13.754013Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T13:26:20.981Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "JP1/IT Desktop Management 2 - Manager",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "13-50-02",
"status": "unaffected"
}
],
"lessThan": "13-50-02",
"status": "affected",
"version": "13-50",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-11-04",
"status": "unaffected"
}
],
"lessThan": "13-11-04",
"status": "affected",
"version": "13-11",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-10-07",
"status": "unaffected"
}
],
"lessThan": "13-10-07",
"status": "affected",
"version": "13-10",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-01-07",
"status": "unaffected"
}
],
"lessThan": "13-01-07",
"status": "affected",
"version": "13-01",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-00-05",
"status": "unaffected"
}
],
"lessThan": "13-00-05",
"status": "affected",
"version": "13-00",
"versionType": "custom"
},
{
"changes": [
{
"at": "12-60-12",
"status": "unaffected"
}
],
"lessThan": "12-60-12",
"status": "affected",
"version": "12-60",
"versionType": "custom"
},
{
"lessThanOrEqual": "12-50-11",
"status": "affected",
"version": "10-50",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "JP1/IT Desktop Management 2 - Operations Director",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "13-50-02",
"status": "unaffected"
}
],
"lessThan": "13-50-02",
"status": "affected",
"version": "13-50",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-11-04",
"status": "unaffected"
}
],
"lessThan": "13-11-04",
"status": "affected",
"version": "13-11",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-10-07",
"status": "unaffected"
}
],
"lessThan": "13-10-07",
"status": "affected",
"version": "13-10",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-01-07",
"status": "unaffected"
}
],
"lessThan": "13-01-07",
"status": "affected",
"version": "13-01",
"versionType": "custom"
},
{
"changes": [
{
"at": "13-00-05",
"status": "unaffected"
}
],
"lessThan": "13-00-05",
"status": "affected",
"version": "13-00",
"versionType": "custom"
},
{
"changes": [
{
"at": "12-60-12",
"status": "unaffected"
}
],
"lessThan": "12-60-12",
"status": "affected",
"version": "12-60",
"versionType": "custom"
},
{
"lessThanOrEqual": "12-50-11",
"status": "affected",
"version": "10-50",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Job Management Partner 1/IT Desktop Management 2 - Manager",
"vendor": "Hitachi",
"versions": [
{
"lessThanOrEqual": "10-50-11",
"status": "affected",
"version": "10-50",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "JP1/IT Desktop Management - Manager",
"vendor": "Hitachi",
"versions": [
{
"lessThanOrEqual": "10-10-16",
"status": "affected",
"version": "09-50",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Job Management Partner 1/IT Desktop Management - Manager",
"vendor": "Hitachi",
"versions": [
{
"lessThanOrEqual": "10-10-16",
"status": "affected",
"version": "09-50",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "JP1/NETM/DM Manager",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "10-30",
"status": "unaffected"
}
],
"lessThanOrEqual": "10-20-02",
"status": "affected",
"version": "09-00",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "JP1/NETM/DM Client",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "10-30",
"status": "unaffected"
}
],
"lessThanOrEqual": "10-20-02",
"status": "affected",
"version": "09-00",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Job Management Partner 1/Software Distribution Manager",
"vendor": "Hitachi",
"versions": [
{
"lessThanOrEqual": "09-51-13",
"status": "affected",
"version": "09-00",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Job Management Partner 1/Software Distribution Client",
"vendor": "Hitachi",
"versions": [
{
"lessThanOrEqual": "09-51-13",
"status": "affected",
"version": "09-00",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ruslan Sayfiev"
},
{
"lang": "en",
"type": "finder",
"value": "Denis Faiustov"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Remote Code Execution Vulnerability\u0026nbsp;in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows.\u003cp\u003eThis issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13.\u003c/p\u003e"
}
],
"value": "Remote Code Execution Vulnerability\u00a0in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows.This issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73 External control of file name or path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T05:19:50.413Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2026-118/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2026-118",
"discovery": "EXTERNAL"
},
"title": "Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 and JP1/NETM/DM",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2025-65115",
"datePublished": "2026-04-07T05:19:50.413Z",
"dateReserved": "2025-11-18T01:27:41.899Z",
"dateUpdated": "2026-04-07T13:26:20.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2072 (GCVE-0-2026-2072)
Vulnerability from cvelistv5 – Published: 2026-03-25 02:15 – Updated: 2026-03-25 13:29
VLAI
Title
Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer
Summary
Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor (Analytics probe component), Hitachi Ops Center Analyzer.This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.5-00.
Severity
8.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper neutralization of input during web page generation ('cross-site scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.hitachi.com/products/it/software/secu… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi | Hitachi Infrastructure Analytics Advisor |
Affected:
0 , < *
(custom)
|
|
| Hitachi | Hitachi Ops Center Analyzer |
Affected:
10.0.0-00 , < 11.0.5-00
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2072",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T13:29:10.197265Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T13:29:19.385Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Analytics probe"
],
"platforms": [
"Linux",
"64 bit"
],
"product": "Hitachi Infrastructure Analytics Advisor",
"vendor": "Hitachi",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux",
"64 bit"
],
"product": "Hitachi Ops Center Analyzer",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "11.0.5-00",
"status": "unaffected"
}
],
"lessThan": "11.0.5-00",
"status": "affected",
"version": "10.0.0-00",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor (Analytics probe component), Hitachi Ops Center Analyzer.\u003cp\u003eThis issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.5-00.\u003c/p\u003e"
}
],
"value": "Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor (Analytics probe component), Hitachi Ops Center Analyzer.This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.5-00."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T02:15:44.430Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2026-114/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2026-114",
"discovery": "UNKNOWN"
},
"title": "Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2026-2072",
"datePublished": "2026-03-25T02:15:44.430Z",
"dateReserved": "2026-02-06T07:41:41.771Z",
"dateUpdated": "2026-03-25T13:29:19.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1166 (GCVE-0-2026-1166)
Vulnerability from cvelistv5 – Published: 2026-03-25 02:07 – Updated: 2026-03-25 13:30
VLAI
Title
Open Redirect Vulnerability in Hitachi Ops Center Administrator
Summary
Open Redirect vulnerability in Hitachi Ops Center Administrator.This issue affects Hitachi Ops Center Administrator: from 10.2.0 before 11.0.8.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-601 - URL redirection to untrusted site ('open redirect')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.hitachi.com/products/it/software/secu… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi | Hitachi Ops Center Administrator |
Affected:
10.2.0 , < 11.0.8
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1166",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T13:30:17.223904Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T13:30:24.956Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Hitachi Ops Center Administrator",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "11.0.8",
"status": "unaffected"
}
],
"lessThan": "11.0.8",
"status": "affected",
"version": "10.2.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Open Redirect vulnerability in Hitachi Ops Center Administrator.\u003cp\u003eThis issue affects Hitachi Ops Center Administrator: from 10.2.0 before 11.0.8.\u003c/p\u003e"
}
],
"value": "Open Redirect vulnerability in Hitachi Ops Center Administrator.This issue affects Hitachi Ops Center Administrator: from 10.2.0 before 11.0.8."
}
],
"impacts": [
{
"capecId": "CAPEC-98",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-98 Phishing"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL redirection to untrusted site (\u0027open redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T02:07:10.895Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2026-113/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2026-113",
"discovery": "UNKNOWN"
},
"title": "Open Redirect Vulnerability in Hitachi Ops Center Administrator",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2026-1166",
"datePublished": "2026-03-25T02:07:10.895Z",
"dateReserved": "2026-01-19T05:00:10.434Z",
"dateUpdated": "2026-03-25T13:30:24.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11158 (GCVE-0-2025-11158)
Vulnerability from cvelistv5 – Published: 2026-03-09 22:12 – Updated: 2026-03-10 18:42
VLAI
Title
Hitachi Vantara Pentaho Data Integration & Analytics - Missing Authorization
Summary
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of arbitrary scripts and leading to a RCE.
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://support.pentaho.com/hc/en-us/articles/399… | vendor-advisory |
| https://www.ox.security/blog/cve-2025-11158/ |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi Vantara | Pentaho Data Integration and Analytics |
Affected:
1.0 , ≤ 9.3.*
(maven)
Affected: 10.0 , < 10.2.0.6 (maven) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11158",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-10T14:34:15.156923Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T14:34:25.010Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-03-10T18:42:40.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.ox.security/blog/cve-2025-11158/"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pentaho Data Integration and Analytics",
"vendor": "Hitachi Vantara",
"versions": [
{
"lessThanOrEqual": "9.3.*",
"status": "affected",
"version": "1.0",
"versionType": "maven"
},
{
"lessThan": "10.2.0.6",
"status": "affected",
"version": "10.0",
"versionType": "maven"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nir Zadok (nirza) and Moshe Siman Tov Bustan from OX Security"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Hitachi Vantara Pentaho Data Integration \u0026amp; Analytics versions before 10.2.0.6, including 9.3.x and\u0026nbsp;8.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of\u0026nbsp;arbitrary scripts and leading to a RCE."
}
],
"value": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics versions before 10.2.0.6, including 9.3.x and\u00a08.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of\u00a0arbitrary scripts and leading to a RCE."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T22:12:51.587Z",
"orgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
"shortName": "HITVAN"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://support.pentaho.com/hc/en-us/articles/39975058295821--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Missing-Authorization-Versions-before-10-2-0-6-impacted-CVE-2025-11158"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Hitachi Vantara Pentaho Data Integration \u0026 Analytics - Missing Authorization",
"x_generator": {
"engine": "Vulnogram 1.0.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dce6e192-ff49-4263-9134-f0beccb9bc13",
"assignerShortName": "HITVAN",
"cveId": "CVE-2025-11158",
"datePublished": "2026-03-09T22:12:51.587Z",
"dateReserved": "2025-09-29T14:53:43.455Z",
"dateUpdated": "2026-03-10T18:42:40.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-0976 (GCVE-0-2025-0976)
Vulnerability from cvelistv5 – Published: 2026-02-25 04:17 – Updated: 2026-02-25 14:49
VLAI
Title
Information Exposure Vulnerability in Hitachi Configuration Manager, Hitachi Ops Center API Configuration Manager
Summary
Information Exposure Vulnerability in Hitachi Ops Center API Configuration Manager, Hitachi Configuration Manager.This issue affects Hitachi Ops Center API Configuration Manager: from 10.0.0-00 before 11.0.4-00; Hitachi Configuration Manager: from 8.6.1-00 before 11.0.5-00.
Severity
4.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.hitachi.com/products/it/software/secu… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi | Hitachi Ops Center API Configuration Manager |
Affected:
10.0.0-00 , < 11.0.4-00
(custom)
|
|
| Hitachi | Hitachi Configuration Manager |
Affected:
8.6.1-00 , < 11.0.5-00
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0976",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-25T14:49:36.303623Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T14:49:52.515Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "Hitachi Ops Center API Configuration Manager",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "11.0.4-00",
"status": "unaffected"
}
],
"lessThan": "11.0.4-00",
"status": "affected",
"version": "10.0.0-00",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "Hitachi Configuration Manager",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "11.0.5-00",
"status": "unaffected"
}
],
"lessThan": "11.0.5-00",
"status": "affected",
"version": "8.6.1-00",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Information Exposure Vulnerability in\u0026nbsp;Hitachi Ops Center API Configuration Manager, Hitachi Configuration Manager.\u003cp\u003eThis issue affects Hitachi Ops Center API Configuration Manager: from 10.0.0-00 before 11.0.4-00; Hitachi Configuration Manager: from 8.6.1-00 before 11.0.5-00.\u003c/p\u003e"
}
],
"value": "Information Exposure Vulnerability in\u00a0Hitachi Ops Center API Configuration Manager, Hitachi Configuration Manager.This issue affects Hitachi Ops Center API Configuration Manager: from 10.0.0-00 before 11.0.4-00; Hitachi Configuration Manager: from 8.6.1-00 before 11.0.5-00."
}
],
"impacts": [
{
"capecId": "CAPEC-569",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-569 Collect Data as Provided by Users"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T04:17:58.080Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2026-110/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2026-110",
"discovery": "UNKNOWN"
},
"title": "Information Exposure Vulnerability in Hitachi Configuration Manager, Hitachi Ops Center API Configuration Manager",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2025-0976",
"datePublished": "2026-02-25T04:17:58.080Z",
"dateReserved": "2025-02-03T05:28:11.381Z",
"dateUpdated": "2026-02-25T14:49:52.515Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-5781 (GCVE-0-2025-5781)
Vulnerability from cvelistv5 – Published: 2026-02-25 03:01 – Updated: 2026-02-26 17:00
VLAI
Title
Information Exposure Vulnerability in Hitachi Configuration Manager, Hitachi Ops Center API Configuration Manager
Summary
Information Exposure Vulnerability in Hitachi Ops Center API Configuration Manager, Hitachi Configuration Manager, Hitachi Device Manager allows Session Hijacking.This issue affects Hitachi Ops Center API Configuration Manager: from 10.0.0-00 before 11.0.5-00; Hitachi Configuration Manager: from 8.5.1-00 before 11.0.5-00; Hitachi Device Manager: from 8.4.1-00 before 8.6.5-00.
Severity
5.2 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.hitachi.com/products/it/software/secu… | vendor-advisory |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi | Hitachi Ops Center API Configuration Manager |
Affected:
10.0.0-00 , < 11.0.5-00
(custom)
|
|
| Hitachi | Hitachi Configuration Manager |
Affected:
8.5.1-00 , < 11.0.5-00
(custom)
|
|
| Hitachi | Hitachi Device Manager |
Affected:
8.4.1-00 , < 8.6.5-00
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5781",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-26T17:00:11.430448Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:00:34.754Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "Hitachi Ops Center API Configuration Manager",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "11.0.5-00",
"status": "unaffected"
}
],
"lessThan": "11.0.5-00",
"status": "affected",
"version": "10.0.0-00",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "Hitachi Configuration Manager",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "11.0.5-00",
"status": "unaffected"
}
],
"lessThan": "11.0.5-00",
"status": "affected",
"version": "8.5.1-00",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "Hitachi Device Manager",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "8.6.5-00",
"status": "unaffected"
}
],
"lessThan": "8.6.5-00",
"status": "affected",
"version": "8.4.1-00",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Information Exposure Vulnerability in Hitachi Ops Center API Configuration Manager, Hitachi Configuration Manager, Hitachi Device Manager allows Session Hijacking.\u003cp\u003eThis issue affects Hitachi Ops Center API Configuration Manager: from 10.0.0-00 before 11.0.5-00; Hitachi Configuration Manager: from 8.5.1-00 before 11.0.5-00; Hitachi Device Manager: from 8.4.1-00 before 8.6.5-00.\u003c/p\u003e"
}
],
"value": "Information Exposure Vulnerability in Hitachi Ops Center API Configuration Manager, Hitachi Configuration Manager, Hitachi Device Manager allows Session Hijacking.This issue affects Hitachi Ops Center API Configuration Manager: from 10.0.0-00 before 11.0.5-00; Hitachi Configuration Manager: from 8.5.1-00 before 11.0.5-00; Hitachi Device Manager: from 8.4.1-00 before 8.6.5-00."
}
],
"impacts": [
{
"capecId": "CAPEC-593",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-593 Session Hijacking"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T03:02:45.290Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2026-111/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2026-111",
"discovery": "UNKNOWN"
},
"title": "Information Exposure Vulnerability in Hitachi Configuration Manager, Hitachi Ops Center API Configuration Manager",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2025-5781",
"datePublished": "2026-02-25T03:01:21.623Z",
"dateReserved": "2025-06-06T07:01:47.194Z",
"dateUpdated": "2026-02-26T17:00:34.754Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66444 (GCVE-0-2025-66444)
Vulnerability from cvelistv5 – Published: 2025-12-24 04:53 – Updated: 2025-12-24 14:13
VLAI
Title
Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer
Summary
Cross-site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component) and Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.5-00.
Severity
8.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.hitachi.com/products/it/software/secu… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi | Hitachi Infrastructure Analytics Advisor |
Affected:
0 , ≤ *
(custom)
|
|
| Hitachi | Hitachi Ops Center Analyzer |
Affected:
10.0.0-00 , < 11.0.5-00
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66444",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-24T14:13:43.767545Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-24T14:13:50.610Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Data Center Analytics"
],
"platforms": [
"Linux",
"64 bit"
],
"product": "Hitachi Infrastructure Analytics Advisor",
"vendor": "Hitachi",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Hitachi Ops Center Analyzer detail view"
],
"platforms": [
"Linux",
"64 bit"
],
"product": "Hitachi Ops Center Analyzer",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "11.0.5-00",
"status": "unaffected"
}
],
"lessThan": "11.0.5-00",
"status": "affected",
"version": "10.0.0-00",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component) and Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).\u003cp\u003eThis issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.5-00.\u003c/p\u003e"
}
],
"value": "Cross-site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component) and Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.5-00."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-24T04:53:34.752Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2025-133/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2025-133",
"discovery": "UNKNOWN"
},
"title": "Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2025-66444",
"datePublished": "2025-12-24T04:53:34.752Z",
"dateReserved": "2025-12-01T05:12:46.809Z",
"dateUpdated": "2025-12-24T14:13:50.610Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66445 (GCVE-0-2025-66445)
Vulnerability from cvelistv5 – Published: 2025-12-24 04:52 – Updated: 2025-12-24 14:15
VLAI
Title
Authorization bypass vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer
Summary
Authorization bypass vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component) and Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.5-00.
Severity
7.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.hitachi.com/products/it/software/secu… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi | Hitachi Infrastructure Analytics Advisor |
Affected:
0 , ≤ *
(custom)
|
|
| Hitachi | Hitachi Ops Center Analyzer |
Affected:
10.0.0-00 , < 11.0.5-00
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66445",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-24T14:15:23.222538Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-24T14:15:29.203Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Data Center Analytics"
],
"platforms": [
"Linux",
"64 bit"
],
"product": "Hitachi Infrastructure Analytics Advisor",
"vendor": "Hitachi",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Hitachi Ops Center Analyzer detail view"
],
"platforms": [
"Linux",
"64 bit"
],
"product": "Hitachi Ops Center Analyzer",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "11.0.5-00",
"status": "unaffected"
}
],
"lessThan": "11.0.5-00",
"status": "affected",
"version": "10.0.0-00",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authorization bypass vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component) and Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).\u003cp\u003eThis issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.5-00.\u003c/p\u003e"
}
],
"value": "Authorization bypass vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component) and Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.5-00."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-24T04:52:40.728Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2025-133/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2025-133",
"discovery": "UNKNOWN"
},
"title": "Authorization bypass vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2025-66445",
"datePublished": "2025-12-24T04:52:40.728Z",
"dateReserved": "2025-12-01T05:12:46.810Z",
"dateUpdated": "2025-12-24T14:15:29.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-3624 (GCVE-0-2025-3624)
Vulnerability from cvelistv5 – Published: 2025-05-16 06:42 – Updated: 2025-05-16 15:31
VLAI
Title
Missing Authorization Vulnerability in Hitachi Ops Center Analyzer
Summary
Missing Authorization vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).This issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.4-00.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.hitachi.com/products/it/software/secu… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi | Hitachi Ops Center Analyzer |
Affected:
10.0.0-00 , < 11.0.4-00
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3624",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-16T15:31:40.783730Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-16T15:31:49.610Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Hitachi Ops Center Analyzer detail view"
],
"platforms": [
"Windows",
"Linux",
"64 bit"
],
"product": "Hitachi Ops Center Analyzer",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "11.0.4-00",
"status": "unaffected"
}
],
"lessThan": "11.0.4-00",
"status": "affected",
"version": "10.0.0-00",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).\u003cp\u003eThis issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.4-00.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).This issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.4-00."
}
],
"impacts": [
{
"capecId": "CAPEC-220",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-220 Client-Server Protocol Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-16T06:42:19.538Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2025-116/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2025-116",
"discovery": "UNKNOWN"
},
"title": "Missing Authorization Vulnerability in Hitachi Ops Center Analyzer",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2025-3624",
"datePublished": "2025-05-16T06:42:19.538Z",
"dateReserved": "2025-04-15T02:14:15.919Z",
"dateUpdated": "2025-05-16T15:31:49.610Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8201 (GCVE-0-2024-8201)
Vulnerability from cvelistv5 – Published: 2025-05-16 06:32 – Updated: 2025-05-16 15:32
VLAI
Title
Cross-Site WebSocket Hijacking Vulnerability in Hitachi Ops Center Analyzer
Summary
Cross-Site WebSocket Hijacking vulnerability in Hitachi Ops Center Analyzer (RAID Agent component).This issue affects Hitachi Ops Center Analyzer: from 10.8.0-00 before 11.0.4-00; Hitachi Ops Center Analyzer: from 10.9.0-00 before 11.0.4-00.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1385 - Missing Origin Validation in WebSockets
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.hitachi.com/products/it/software/secu… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi | Hitachi Ops Center Analyzer |
Affected:
10.8.0-00 , < 11.0.4-00
(custom)
|
|
| Hitachi | Hitachi Ops Center Analyzer |
Affected:
10.9.0-00 , < 11.0.4-00
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8201",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-16T15:32:33.240487Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-16T15:32:48.874Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"RAID Agent"
],
"platforms": [
"Linux",
"64 bit"
],
"product": "Hitachi Ops Center Analyzer",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "11.0.4-00",
"status": "unaffected"
}
],
"lessThan": "11.0.4-00",
"status": "affected",
"version": "10.8.0-00",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"RAID Agent"
],
"platforms": [
"Windows"
],
"product": "Hitachi Ops Center Analyzer",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "11.0.4-00",
"status": "unaffected"
}
],
"lessThan": "11.0.4-00",
"status": "affected",
"version": "10.9.0-00",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site WebSocket Hijacking\u0026nbsp;vulnerability in Hitachi Ops Center Analyzer (RAID Agent component).\u003cp\u003eThis issue affects Hitachi Ops Center Analyzer: from 10.8.0-00 before 11.0.4-00; Hitachi Ops Center Analyzer: from 10.9.0-00 before 11.0.4-00.\u003c/p\u003e"
}
],
"value": "Cross-Site WebSocket Hijacking\u00a0vulnerability in Hitachi Ops Center Analyzer (RAID Agent component).This issue affects Hitachi Ops Center Analyzer: from 10.8.0-00 before 11.0.4-00; Hitachi Ops Center Analyzer: from 10.9.0-00 before 11.0.4-00."
}
],
"impacts": [
{
"capecId": "CAPEC-22",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-22 Exploiting Trust in Client"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1385",
"description": "CWE-1385 Missing Origin Validation in WebSockets",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-16T06:32:23.411Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2025-116/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2025-116",
"discovery": "UNKNOWN"
},
"title": "Cross-Site WebSocket Hijacking Vulnerability in Hitachi Ops Center Analyzer",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2024-8201",
"datePublished": "2025-05-16T06:32:23.411Z",
"dateReserved": "2024-08-27T04:53:33.648Z",
"dateUpdated": "2025-05-16T15:32:48.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1531 (GCVE-0-2025-1531)
Vulnerability from cvelistv5 – Published: 2025-05-16 06:17 – Updated: 2025-05-16 15:39
VLAI
Title
Authentication credentials leakage vulnerability in Hitachi Ops Center Analyzer viewpoint OVF
Summary
Authentication credentials leakage vulnerability in Hitachi Ops Center Analyzer viewpoint.This issue affects Hitachi Ops Center Analyzer viewpoint: from 10.0.0-00 before 11.0.4-00.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1392 - Use of Default Credentials
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.hitachi.com/products/it/software/secu… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi | Hitachi Ops Center Analyzer viewpoint |
Affected:
10.0.0-00 , < 11.0.4-00
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1531",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-16T15:39:33.710414Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-16T15:39:46.559Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux",
"64 bit"
],
"product": "Hitachi Ops Center Analyzer viewpoint",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "11.0.4-00",
"status": "unaffected"
}
],
"lessThan": "11.0.4-00",
"status": "affected",
"version": "10.0.0-00",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authentication credentials leakage vulnerability in Hitachi Ops Center Analyzer viewpoint.\u003cp\u003eThis issue affects Hitachi Ops Center Analyzer viewpoint: from 10.0.0-00 before 11.0.4-00.\u003c/p\u003e"
}
],
"value": "Authentication credentials leakage vulnerability in Hitachi Ops Center Analyzer viewpoint.This issue affects Hitachi Ops Center Analyzer viewpoint: from 10.0.0-00 before 11.0.4-00."
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-114 Authentication Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1392",
"description": "CWE-1392 Use of Default Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-16T06:17:30.848Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2025-116/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2025-116",
"discovery": "UNKNOWN"
},
"title": "Authentication credentials leakage vulnerability in Hitachi Ops Center Analyzer viewpoint OVF",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2025-1531",
"datePublished": "2025-05-16T06:17:30.848Z",
"dateReserved": "2025-02-21T00:47:08.932Z",
"dateUpdated": "2025-05-16T15:39:46.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1245 (GCVE-0-2025-1245)
Vulnerability from cvelistv5 – Published: 2025-05-16 06:08 – Updated: 2025-05-16 15:40
VLAI
Title
Bypass Connection Restriction Vulnerability in Hitachi Ops Center Analyzer
Summary
Bypass Connection Restriction vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component), Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.4-00.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-348 - Use of Less Trusted Source
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.hitachi.com/products/it/software/secu… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi | Hitachi Infrastructure Analytics Advisor |
Affected:
0 , ≤ *
(custom)
|
|
| Hitachi | Hitachi Ops Center Analyzer |
Affected:
10.0.0-00 , < 11.0.4-00
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1245",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-16T15:40:09.928899Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-16T15:40:39.287Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Data Center Analytics"
],
"platforms": [
"Linux",
"64 bit"
],
"product": "Hitachi Infrastructure Analytics Advisor",
"vendor": "Hitachi",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Hitachi Ops Center Analyzer detail view"
],
"platforms": [
"Windows",
"Linux",
"64 bit"
],
"product": "Hitachi Ops Center Analyzer",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "11.0.4-00",
"status": "unaffected"
}
],
"lessThan": "11.0.4-00",
"status": "affected",
"version": "10.0.0-00",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Bypass Connection Restriction vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component), Hitachi Ops Center Analyzer\u0026nbsp; (Hitachi Ops Center Analyzer detail view component).\u003cp\u003eThis issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.4-00.\u003c/p\u003e"
}
],
"value": "Bypass Connection Restriction vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component), Hitachi Ops Center Analyzer\u00a0 (Hitachi Ops Center Analyzer detail view component).This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.4-00."
}
],
"impacts": [
{
"capecId": "CAPEC-554",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-554 Functionality Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-348",
"description": "CWE-348 Use of Less Trusted Source",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-16T06:08:03.008Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2025-116/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2025-116",
"discovery": "UNKNOWN"
},
"title": "Bypass Connection Restriction Vulnerability in Hitachi Ops Center Analyzer",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2025-1245",
"datePublished": "2025-05-16T06:08:03.008Z",
"dateReserved": "2025-02-12T09:03:17.810Z",
"dateUpdated": "2025-05-16T15:40:39.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27525 (GCVE-0-2025-27525)
Vulnerability from cvelistv5 – Published: 2025-05-15 06:45 – Updated: 2025-05-15 14:06
VLAI
Title
Information Exposure vulnerability in JP1/IT Desktop Management 2 - Smart Device Manager
Summary
Information Exposure vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows.This issue affects JP1/IT Desktop Management 2 - Smart Device Manager: from 12-00 before 12-00-08, from 11-10 through 11-10-08, from 11-00 through 11-00-05, from 10-50 through 10-50-06.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-525 - Use of Web Browser Cache Containing Sensitive Information
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.hitachi.com/products/it/software/secu… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi | JP1/IT Desktop Management 2 - Smart Device Manager |
Affected:
12-00 , < 12-00-08
(custom)
Affected: 11-10 , ≤ 11-10-08 (custom) Affected: 11-00 , ≤ 11-00-05 (custom) Affected: 10-50 , ≤ 10-50-06 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27525",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-15T14:05:50.944114Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T14:06:02.849Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "JP1/IT Desktop Management 2 - Smart Device Manager",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "12-00-08",
"status": "unaffected"
}
],
"lessThan": "12-00-08",
"status": "affected",
"version": "12-00",
"versionType": "custom"
},
{
"lessThanOrEqual": "11-10-08",
"status": "affected",
"version": "11-10",
"versionType": "custom"
},
{
"lessThanOrEqual": "11-00-05",
"status": "affected",
"version": "11-00",
"versionType": "custom"
},
{
"lessThanOrEqual": "10-50-06",
"status": "affected",
"version": "10-50",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Information Exposure vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows.\u003cp\u003eThis issue affects JP1/IT Desktop Management 2 - Smart Device Manager: from 12-00 before 12-00-08, from 11-10 through 11-10-08, from 11-00 through 11-00-05, from 10-50 through 10-50-06.\u003c/p\u003e"
}
],
"value": "Information Exposure vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows.This issue affects JP1/IT Desktop Management 2 - Smart Device Manager: from 12-00 before 12-00-08, from 11-10 through 11-10-08, from 11-00 through 11-00-05, from 10-50 through 10-50-06."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-525",
"description": "CWE-525 Use of Web Browser Cache Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T06:45:58.849Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2025-115/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2025-115",
"discovery": "UNKNOWN"
},
"title": "Information Exposure vulnerability in JP1/IT Desktop Management 2 - Smart Device Manager",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2025-27525",
"datePublished": "2025-05-15T06:45:58.849Z",
"dateReserved": "2025-02-27T06:49:23.057Z",
"dateUpdated": "2025-05-15T14:06:02.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27524 (GCVE-0-2025-27524)
Vulnerability from cvelistv5 – Published: 2025-05-15 06:27 – Updated: 2025-05-15 14:09
VLAI
Title
Weak encryption vulnerability in JP1/IT Desktop Management 2 - Smart Device Manager
Summary
Weak encryption vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows.This issue affects JP1/IT Desktop Management 2 - Smart Device Manager: from 12-00 before 12-00-08, from 11-10 through 11-10-08, from 11-00 through 11-00-05, from 10-50 through 10-50-06.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-326 - Inadequate Encryption Strength
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.hitachi.com/products/it/software/secu… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi | JP1/IT Desktop Management 2 - Smart Device Manager |
Affected:
12-00 , < 12-00-08
(custom)
Affected: 11-10 , ≤ 11-10-08 (custom) Affected: 11-00 , ≤ 11-00-05 (custom) Affected: 10-50 , ≤ 10-50-06 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27524",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-15T14:09:18.489783Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T14:09:59.450Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "JP1/IT Desktop Management 2 - Smart Device Manager",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "12-00-08",
"status": "unaffected"
}
],
"lessThan": "12-00-08",
"status": "affected",
"version": "12-00",
"versionType": "custom"
},
{
"lessThanOrEqual": "11-10-08",
"status": "affected",
"version": "11-10",
"versionType": "custom"
},
{
"lessThanOrEqual": "11-00-05",
"status": "affected",
"version": "11-00",
"versionType": "custom"
},
{
"lessThanOrEqual": "10-50-06",
"status": "affected",
"version": "10-50",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Weak encryption vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows.\u003cp\u003eThis issue affects JP1/IT Desktop Management 2 - Smart Device Manager: from 12-00 before 12-00-08, from 11-10 through 11-10-08, from 11-00 through 11-00-05, from 10-50 through 10-50-06.\u003c/p\u003e"
}
],
"value": "Weak encryption vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows.This issue affects JP1/IT Desktop Management 2 - Smart Device Manager: from 12-00 before 12-00-08, from 11-10 through 11-10-08, from 11-00 through 11-00-05, from 10-50 through 10-50-06."
}
],
"impacts": [
{
"capecId": "CAPEC-192",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-192 Protocol Analysis"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-326",
"description": "CWE-326 Inadequate Encryption Strength",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T06:27:32.686Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2025-115/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2025-115",
"discovery": "UNKNOWN"
},
"title": "Weak encryption vulnerability in JP1/IT Desktop Management 2 - Smart Device Manager",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2025-27524",
"datePublished": "2025-05-15T06:27:32.686Z",
"dateReserved": "2025-02-27T06:49:23.056Z",
"dateUpdated": "2025-05-15T14:09:59.450Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27523 (GCVE-0-2025-27523)
Vulnerability from cvelistv5 – Published: 2025-05-15 06:22 – Updated: 2025-05-15 15:53
VLAI
Title
XXE vulnerability in JP1/IT Desktop Management 2 - Smart Device Manager
Summary
XXE vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows.This issue affects JP1/IT Desktop Management 2 - Smart Device Manager: from 12-00 before 12-00-08, from 11-10 through 11-10-08, from 11-00 through 11-00-05, from 10-50 through 10-50-06.
Severity
8.7 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.hitachi.com/products/it/software/secu… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi | JP1/IT Desktop Management 2 - Smart Device Manager |
Affected:
12-00 , < 12-00-08
(custom)
Affected: 11-10 , ≤ 11-10-08 (custom) Affected: 11-00 , ≤ 11-00-05 (custom) Affected: 10-50 , ≤ 10-50-06 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27523",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-15T15:53:33.512614Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T15:53:51.556Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "JP1/IT Desktop Management 2 - Smart Device Manager",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "12-00-08",
"status": "unaffected"
}
],
"lessThan": "12-00-08",
"status": "affected",
"version": "12-00",
"versionType": "custom"
},
{
"lessThanOrEqual": "11-10-08",
"status": "affected",
"version": "11-10",
"versionType": "custom"
},
{
"lessThanOrEqual": "11-00-05",
"status": "affected",
"version": "11-00",
"versionType": "custom"
},
{
"lessThanOrEqual": "10-50-06",
"status": "affected",
"version": "10-50",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "XXE vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows.\u003cp\u003eThis issue affects JP1/IT Desktop Management 2 - Smart Device Manager: from 12-00 before 12-00-08, from 11-10 through 11-10-08, from 11-00 through 11-00-05, from 10-50 through 10-50-06.\u003c/p\u003e"
}
],
"value": "XXE vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows.This issue affects JP1/IT Desktop Management 2 - Smart Device Manager: from 12-00 before 12-00-08, from 11-10 through 11-10-08, from 11-00 through 11-00-05, from 10-50 through 10-50-06."
}
],
"impacts": [
{
"capecId": "CAPEC-221",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-221 Data Serialization External Entities Blowup"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T06:22:09.764Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2025-115/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2025-115",
"discovery": "UNKNOWN"
},
"title": "XXE vulnerability in JP1/IT Desktop Management 2 - Smart Device Manager",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2025-27523",
"datePublished": "2025-05-15T06:22:09.764Z",
"dateReserved": "2025-02-27T06:49:23.056Z",
"dateUpdated": "2025-05-15T15:53:51.556Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-46899 (GCVE-0-2024-46899)
Vulnerability from cvelistv5 – Published: 2025-04-22 04:12 – Updated: 2025-04-22 13:24
VLAI
Title
Authentication credentials leakage vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center Analyzer viewpoint OVF
Summary
Hitachi Ops Center Common Services within Hitachi Ops Center Analyzer viewpoint OVF contains an authentication credentials leakage vulnerability.This issue affects Hitachi Ops Center Common Services: from 10.0.0-00 before 11.0.0-04; Hitachi Ops Center Analyzer viewpoint OVF: from 10.0.0-00 before 11.0.0-04.
Severity
7.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1392 - Use of Default Credentials
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.hitachi.com/products/it/software/secu… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi | Hitachi Ops Center Common Services |
Affected:
10.0.0-00 , < 11.0.0-04
(custom)
|
|
| Hitachi | Hitachi Ops Center Analyzer viewpoint OVF |
Affected:
10.0.0-00 , < 11.0.0-04
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46899",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T13:24:11.598018Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T13:24:20.750Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Hitachi Ops Center Common Services",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "11.0.0-04",
"status": "unaffected"
}
],
"lessThan": "11.0.0-04",
"status": "affected",
"version": "10.0.0-00",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Hitachi Ops Center Analyzer viewpoint OVF",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "11.0.4-00",
"status": "unaffected"
}
],
"lessThan": "11.0.0-04",
"status": "affected",
"version": "10.0.0-00",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Hitachi Ops Center Common Services within Hitachi Ops Center Analyzer viewpoint OVF contains an authentication credentials leakage vulnerability.\u003cp\u003eThis issue affects Hitachi Ops Center Common Services: from 10.0.0-00 before 11.0.0-04; Hitachi Ops Center Analyzer viewpoint OVF: from 10.0.0-00 before 11.0.0-04.\u003c/p\u003e"
}
],
"value": "Hitachi Ops Center Common Services within Hitachi Ops Center Analyzer viewpoint OVF contains an authentication credentials leakage vulnerability.This issue affects Hitachi Ops Center Common Services: from 10.0.0-00 before 11.0.0-04; Hitachi Ops Center Analyzer viewpoint OVF: from 10.0.0-00 before 11.0.0-04."
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-114 Authentication Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1392",
"description": "CWE-1392 Use of Default Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T04:12:56.387Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2025-111/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2025-111",
"discovery": "UNKNOWN"
},
"title": "Authentication credentials leakage vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center Analyzer viewpoint OVF",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2024-46899",
"datePublished": "2025-04-22T04:12:56.387Z",
"dateReserved": "2024-10-22T04:20:15.324Z",
"dateUpdated": "2025-04-22T13:24:20.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2300 (GCVE-0-2025-2300)
Vulnerability from cvelistv5 – Published: 2025-04-22 04:12 – Updated: 2025-04-22 13:24
VLAI
Title
Information exposure vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center OVA
Summary
Hitachi Ops Center Common Services within Hitachi Ops Center OVA contains an information exposure vulnerability.
This issue affects Hitachi Ops Center Common Services: from 11.0.3-00 before 11.0.4-00.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.hitachi.com/products/it/software/secu… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi | Hitachi Ops Center Common Services |
Affected:
11.0.3-00 , < 11.0.4-00
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2300",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T13:24:48.746240Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T13:24:55.944Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hitachi Ops Center Common Services",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "11.0.4-00",
"status": "unaffected"
}
],
"lessThan": "11.0.4-00",
"status": "affected",
"version": "11.0.3-00",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Hitachi Ops Center Common Services within Hitachi Ops Center OVA contains an information exposure vulnerability.\u003cbr\u003e\u003cp\u003eThis issue affects Hitachi Ops Center Common Services: from 11.0.3-00 before 11.0.4-00.\u003c/p\u003e"
}
],
"value": "Hitachi Ops Center Common Services within Hitachi Ops Center OVA contains an information exposure vulnerability.\nThis issue affects Hitachi Ops Center Common Services: from 11.0.3-00 before 11.0.4-00."
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-114 Authentication Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T04:12:41.660Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2025-112/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2025-112",
"discovery": "UNKNOWN"
},
"title": "Information exposure vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center OVA",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2025-2300",
"datePublished": "2025-04-22T04:12:41.660Z",
"dateReserved": "2025-03-14T01:39:43.295Z",
"dateUpdated": "2025-04-22T13:24:55.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-57964 (GCVE-0-2024-57964)
Vulnerability from cvelistv5 – Published: 2025-02-18 06:33 – Updated: 2025-02-18 15:50 Unsupported When Assigned
VLAI
Title
Insecure Loading of Dynamic Link Libraries in HVAC Energy Saving Program
Summary
Insecure Loading of Dynamic Link Libraries have been discovered in HVAC Energy Saving Program, which could allow local attackers to potentially disclose information or execute arbitray code on affected systems.
This issue affects HVAC Energy Saving Program:.
Severity
7.3 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.hitachi.com/hirt/hitachi-sec/2025/001.html | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi | HVAC Energy Saving Program |
Affected:
0 , ≤ *
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-57964",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T15:50:48.506333Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T15:50:58.867Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "HVAC Energy Saving Program",
"vendor": "Hitachi",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sahil Shah"
},
{
"lang": "en",
"type": "finder",
"value": "Shaurya"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insecure Loading of Dynamic Link Libraries have been discovered in HVAC Energy Saving Program, which could allow local attackers to potentially disclose information or execute arbitray code on affected systems.\u003cbr\u003e\u003cp\u003eThis issue affects HVAC Energy Saving Program:.\u003c/p\u003e"
}
],
"value": "Insecure Loading of Dynamic Link Libraries have been discovered in HVAC Energy Saving Program, which could allow local attackers to potentially disclose information or execute arbitray code on affected systems.\nThis issue affects HVAC Energy Saving Program:."
}
],
"impacts": [
{
"capecId": "CAPEC-471",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-471 Search Order Hijacking"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T06:33:57.761Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/hirt/hitachi-sec/2025/001.html"
}
],
"source": {
"advisory": "hitachi-sec-2025-001",
"discovery": "EXTERNAL"
},
"tags": [
"unsupported-when-assigned"
],
"title": "Insecure Loading of Dynamic Link Libraries in HVAC Energy Saving Program",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2024-57964",
"datePublished": "2025-02-18T06:33:57.761Z",
"dateReserved": "2025-01-29T07:37:45.731Z",
"dateUpdated": "2025-02-18T15:50:58.867Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-57963 (GCVE-0-2024-57963)
Vulnerability from cvelistv5 – Published: 2025-02-18 06:33 – Updated: 2025-02-18 15:51 Unsupported When Assigned
VLAI
Title
Insecure Loading of Dynamic Link Libraries in USB-CONVERTERCABLE DRIVER
Summary
Insecure Loading of Dynamic Link Libraries have been discovered in USB-CONVERTERCABLE DRIVER, which could allow local attackers to potentially disclose information or execute arbitray code on affected systems.
This issue affects USB-CONVERTERCABLE DRIVER:.
Severity
7.3 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.hitachi.com/hirt/hitachi-sec/2025/001.html | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi | USB-CONVERTERCABLE DRIVER |
Affected:
0 , ≤ *
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-57963",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T15:51:21.689667Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T15:51:30.918Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "USB-CONVERTERCABLE DRIVER",
"vendor": "Hitachi",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sahil Shah"
},
{
"lang": "en",
"type": "finder",
"value": "Shaurya"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insecure Loading of Dynamic Link Libraries have been discovered in USB-CONVERTERCABLE DRIVER, which could allow local attackers to potentially disclose information or execute arbitray code on affected systems.\u003cbr\u003e\u003cp\u003eThis issue affects USB-CONVERTERCABLE DRIVER:.\u003c/p\u003e"
}
],
"value": "Insecure Loading of Dynamic Link Libraries have been discovered in USB-CONVERTERCABLE DRIVER, which could allow local attackers to potentially disclose information or execute arbitray code on affected systems.\nThis issue affects USB-CONVERTERCABLE DRIVER:."
}
],
"impacts": [
{
"capecId": "CAPEC-471",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-471 Search Order Hijacking"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T06:33:02.885Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/hirt/hitachi-sec/2025/001.html"
}
],
"source": {
"advisory": "hitachi-sec-2025-001",
"discovery": "EXTERNAL"
},
"tags": [
"unsupported-when-assigned"
],
"title": "Insecure Loading of Dynamic Link Libraries in USB-CONVERTERCABLE DRIVER",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2024-57963",
"datePublished": "2025-02-18T06:33:02.885Z",
"dateReserved": "2025-01-29T07:37:45.730Z",
"dateUpdated": "2025-02-18T15:51:30.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10205 (GCVE-0-2024-10205)
Vulnerability from cvelistv5 – Published: 2024-12-17 01:16 – Updated: 2024-12-17 14:57
VLAI
Title
Authorization bypass vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer
Summary
Authentication Bypass
vulnerability in Hitachi Ops Center Analyzer on Linux, 64 bit (Hitachi Ops Center Analyzer detail view component), Hitachi Infrastructure Analytics Advisor on Linux, 64 bit (Hitachi Data Center Analytics
component
).This issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.3-00; Hitachi Infrastructure Analytics Advisor: from 2.1.0-00 through 4.4.0-00.
Severity
9.4 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.hitachi.com/products/it/software/secu… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi | Hitachi Ops Center Analyzer |
Affected:
10.0.0-00 , < 11.0.3-00
(custom)
|
|
| Hitachi | Hitachi Infrastructure Analytics Advisor |
Affected:
2.1.0-00 , ≤ 4.4.0-00
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10205",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-17T14:56:22.276629Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-17T14:57:23.929Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Hitachi Ops Center Analyzer detail view"
],
"platforms": [
"Linux",
"64 bit"
],
"product": "Hitachi Ops Center Analyzer",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "11.0.3-00",
"status": "unaffected"
}
],
"lessThan": "11.0.3-00",
"status": "affected",
"version": "10.0.0-00",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Hitachi Data Center Analytics"
],
"platforms": [
"Linux",
"64 bit"
],
"product": "Hitachi Infrastructure Analytics Advisor",
"vendor": "Hitachi",
"versions": [
{
"lessThanOrEqual": "4.4.0-00",
"status": "affected",
"version": "2.1.0-00",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAuthentication Bypass\u003c/span\u003e\nvulnerability in Hitachi Ops Center Analyzer on Linux, 64 bit (Hitachi Ops Center Analyzer detail view component), Hitachi Infrastructure Analytics Advisor on Linux, 64 bit (Hitachi Data Center Analytics \n\ncomponent\n\n).\u003cp\u003eThis issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.3-00; Hitachi Infrastructure Analytics Advisor: from 2.1.0-00 through 4.4.0-00.\u003c/p\u003e"
}
],
"value": "Authentication Bypass\nvulnerability in Hitachi Ops Center Analyzer on Linux, 64 bit (Hitachi Ops Center Analyzer detail view component), Hitachi Infrastructure Analytics Advisor on Linux, 64 bit (Hitachi Data Center Analytics \n\ncomponent\n\n).This issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.3-00; Hitachi Infrastructure Analytics Advisor: from 2.1.0-00 through 4.4.0-00."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-17T01:16:19.301Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-151/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2024-151",
"discovery": "UNKNOWN"
},
"title": "Authorization bypass vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2024-10205",
"datePublished": "2024-12-17T01:16:19.301Z",
"dateReserved": "2024-10-21T09:03:32.235Z",
"dateUpdated": "2024-12-17T14:57:23.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45068 (GCVE-0-2024-45068)
Vulnerability from cvelistv5 – Published: 2024-12-03 02:32 – Updated: 2024-12-03 15:54
VLAI
Title
Authentication credentials leakage vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center OVA
Summary
Authentication credentials leakage vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center OVA.
This issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.3-00; Hitachi Ops Center OVA: from 10.9.3-00 before 11.0.2-01.
Severity
7.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1392 - Use of Default Credentials
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.hitachi.com/products/it/software/secu… | vendor-advisory |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi | Hitachi Ops Center Common Services |
Affected:
10.9.3-00 , < 11.0.3-00
(custom)
|
|
| Hitachi | Hitachi Ops Center OVA |
Affected:
10.9.3-00 , < 11.0.2-01
(custom)
|
|
| hitachi | ops_center_ova |
Affected:
10.9.3-00 , < 11.0.2-01
(custom)
cpe:2.3:a:hitachi:ops_center_ova:*:*:*:*:*:*:*:* |
|
| hitachi | ops_center_common_services |
Affected:
10.9.3-00 , < 11.0.3-00
(custom)
cpe:2.3:a:hitachi:ops_center_common_services:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hitachi:ops_center_ova:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ops_center_ova",
"vendor": "hitachi",
"versions": [
{
"lessThan": "11.0.2-01",
"status": "affected",
"version": "10.9.3-00",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:hitachi:ops_center_common_services:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ops_center_common_services",
"vendor": "hitachi",
"versions": [
{
"lessThan": "11.0.3-00",
"status": "affected",
"version": "10.9.3-00",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45068",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-03T14:30:59.837741Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T15:54:53.646Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Hitachi Ops Center Common Services",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "11.0.3-00",
"status": "unaffected"
}
],
"lessThan": "11.0.3-00",
"status": "affected",
"version": "10.9.3-00",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Hitachi Ops Center OVA",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "11.0.2-01",
"status": "unaffected"
}
],
"lessThan": "11.0.2-01",
"status": "affected",
"version": "10.9.3-00",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAuthentication credentials leakage vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center OVA.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.3-00; Hitachi Ops Center OVA: from 10.9.3-00 before 11.0.2-01.\u003c/p\u003e"
}
],
"value": "Authentication credentials leakage vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center OVA.\n\n\nThis issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.3-00; Hitachi Ops Center OVA: from 10.9.3-00 before 11.0.2-01."
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-114 Authentication Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1392",
"description": "CWE-1392 Use of Default Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T02:32:03.225Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-149/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2024-149",
"discovery": "UNKNOWN"
},
"title": "Authentication credentials leakage vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center OVA",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2024-45068",
"datePublished": "2024-12-03T02:32:03.225Z",
"dateReserved": "2024-10-22T04:20:15.307Z",
"dateUpdated": "2024-12-03T15:54:53.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7125 (GCVE-0-2024-7125)
Vulnerability from cvelistv5 – Published: 2024-08-27 04:15 – Updated: 2024-08-28 14:17
VLAI
Title
Authentication Bypass Vulnerability in Hitachi Ops Center Common Services
Summary
Authentication Bypass vulnerability in Hitachi Ops Center Common Services.This issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.2-01.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.hitachi.com/products/it/software/secu… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi | Hitachi Ops Center Common Services |
Affected:
10.9.3-00 , < 11.0.2-01
(custom)
|
|
| hitachi | ops_center_common_services |
Affected:
10.9.3-00 , < 11.0.2-01
(custom)
cpe:2.3:a:hitachi:ops_center_common_services:10.9.3-00:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hitachi:ops_center_common_services:10.9.3-00:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ops_center_common_services",
"vendor": "hitachi",
"versions": [
{
"lessThan": "11.0.2-01",
"status": "affected",
"version": "10.9.3-00",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7125",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T14:16:17.603187Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T14:17:22.156Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hitachi Ops Center Common Services",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "11.0.2-01",
"status": "unaffected"
}
],
"lessThan": "11.0.2-01",
"status": "affected",
"version": "10.9.3-00",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authentication Bypass vulnerability in Hitachi Ops Center Common Services.\u003cp\u003eThis issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.2-01.\u003c/p\u003e"
}
],
"value": "Authentication Bypass vulnerability in Hitachi Ops Center Common Services.This issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.2-01."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-27T04:15:15.774Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-143/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2024-143",
"discovery": "UNKNOWN"
},
"title": "Authentication Bypass Vulnerability in Hitachi Ops Center Common Services",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2024-7125",
"datePublished": "2024-08-27T04:15:15.774Z",
"dateReserved": "2024-07-26T09:21:02.356Z",
"dateUpdated": "2024-08-28T14:17:22.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5828 (GCVE-0-2024-5828)
Vulnerability from cvelistv5 – Published: 2024-08-06 02:21 – Updated: 2024-08-06 15:40
VLAI
Title
EL Injection Vulnerability in Hitachi Tuning Manager
Summary
Expression Language Injection vulnerability in Hitachi Tuning Manager on Windows, Linux, Solaris allows Code Injection.This issue affects Hitachi Tuning Manager: before 8.8.7-00.
Severity
8.6 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-917 - Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.hitachi.com/products/it/software/secu… | vendor-advisory |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi | Hitachi Tuning Manager |
Affected:
0 , < 8.8.7-00
(custom)
|
|
| hitachi | tuning_manager |
Affected:
0 , < 8.8.7-00
(custom)
cpe:2.3:a:hitachi:tuning_manager:*:*:*:*:*:windows:*:* |
|
| hitachi | tuning_manager |
Affected:
0 , < 8.8.7-00
(custom)
cpe:2.3:a:hitachi:tuning_manager:*:*:*:*:*:linux_kernel:*:* |
|
| hitachi | tuning_manager |
Affected:
0 , < 8.8.7-00
(custom)
cpe:2.3:a:hitachi:tuning_manager:*:*:*:*:*:solaris:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hitachi:tuning_manager:*:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "tuning_manager",
"vendor": "hitachi",
"versions": [
{
"lessThan": "8.8.7-00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:hitachi:tuning_manager:*:*:*:*:*:linux_kernel:*:*"
],
"defaultStatus": "unknown",
"product": "tuning_manager",
"vendor": "hitachi",
"versions": [
{
"lessThan": "8.8.7-00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:hitachi:tuning_manager:*:*:*:*:*:solaris:*:*"
],
"defaultStatus": "unknown",
"product": "tuning_manager",
"vendor": "hitachi",
"versions": [
{
"lessThan": "8.8.7-00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5828",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T15:32:14.077410Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T15:40:42.761Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux",
"Solaris"
],
"product": "Hitachi Tuning Manager",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "8.8.7-00",
"status": "unaffected"
}
],
"lessThan": "8.8.7-00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Expression Language Injection vulnerability in Hitachi Tuning Manager on Windows, Linux, Solaris allows Code Injection.\u003cp\u003eThis issue affects Hitachi Tuning Manager: before 8.8.7-00.\u003c/p\u003e"
}
],
"value": "Expression Language Injection vulnerability in Hitachi Tuning Manager on Windows, Linux, Solaris allows Code Injection.This issue affects Hitachi Tuning Manager: before 8.8.7-00."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-917",
"description": "CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement (\u0027Expression Language Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T02:21:38.553Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-140/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2024-140",
"discovery": "UNKNOWN"
},
"title": "EL Injection Vulnerability in Hitachi Tuning Manager",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2024-5828",
"datePublished": "2024-08-06T02:21:38.553Z",
"dateReserved": "2024-06-11T01:34:48.734Z",
"dateUpdated": "2024-08-06T15:40:42.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}