Filtered by vendor Hitachi
Subscribe
Total
192 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-4146 | 4 Hitachi, Linux, Microsoft and 1 more | 4 Replication Manager, Linux Kernel, Windows and 1 more | 2024-11-21 | N/A | 7.3 HIGH |
| Expression Language Injection vulnerability in Hitachi Replication Manager on Windows, Linux, Solaris allows Code Injection.This issue affects Hitachi Replication Manager: before 8.8.5-02. | |||||
| CVE-2022-43941 | 1 Hitachi | 1 Vantara Pentaho Business Analytics Server | 2024-11-21 | N/A | 7.1 HIGH |
| Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity Reference. | |||||
| CVE-2022-43940 | 1 Hitachi | 1 Vantara Pentaho Business Analytics Server | 2024-11-21 | N/A | 8.8 HIGH |
| Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly perform an authorization check in the data source management service. | |||||
| CVE-2022-43938 | 1 Hitachi | 1 Vantara Pentaho Business Analytics Server | 2024-11-21 | N/A | 8.8 HIGH |
| Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of Pentaho Reports (*.prpt) through the JVM script manager. | |||||
| CVE-2022-43773 | 1 Hitachi | 1 Vantara Pentaho Business Analytics Server | 2024-11-21 | N/A | 8.8 HIGH |
| Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x is installed with a sample HSQLDB data source configured with stored procedures enabled. | |||||
| CVE-2022-43772 | 1 Hitachi | 1 Vantara Pentaho Business Analytics Server | 2024-11-21 | N/A | 3.8 LOW |
| Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x with the Big Data Plugin expose the username and password of clusters in clear text into system logs. | |||||
| CVE-2022-43771 | 1 Hitachi | 1 Vantara Pentaho Business Analytics Server | 2024-11-21 | N/A | 6.5 MEDIUM |
| Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x, using the Pentaho Data Access plugin exposes a service endpoint for CSV import which allows a user supplied path to access resources that are out of bounds. | |||||
| CVE-2022-41553 | 2 Hitachi, Linux | 3 Infrastructure Analytics Advisor, Ops Center Analyzer, Linux Kernel | 2024-11-21 | N/A | 6.5 MEDIUM |
| Insertion of Sensitive Information into Temporary File vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer probe component) allows local users to gain sensitive information. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00. | |||||
| CVE-2022-41552 | 3 Hitachi, Linux, Microsoft | 5 Infrastructure Analytics Advisor, Ops Center Analyzer, Ops Center Viewpoint and 2 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| Server-Side Request Forgery (SSRF) vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Data Center Analytics, Analytics probe components), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe components) allows Server Side Request Forgery. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00. | |||||
| CVE-2022-3960 | 1 Hitachi | 1 Vantara Pentaho Business Analytics Server | 2024-11-21 | N/A | 6.3 MEDIUM |
| Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of the Community Dashboard Editor (CDE) plugin. | |||||
| CVE-2022-3884 | 2 Hitachi, Microsoft | 2 Ops Center Analyzer, Windows | 2024-11-21 | N/A | 7.3 HIGH |
| Incorrect Default Permissions vulnerability in Hitachi Ops Center Analyzer on Windows (Hitachi Ops Center Analyzer RAID Agent component) allows local users to read and write specific files.This issue affects Hitachi Ops Center Analyzer: from 10.9.0-00 before 10.9.0-01. | |||||
| CVE-2022-3191 | 2 Hitachi, Linux | 2 Ops Center Analyzer, Linux Kernel | 2024-11-21 | N/A | 6.6 MEDIUM |
| Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Analyzer on Linux (Virtual Strage Software Agent component) allows local users to gain sensitive information. This issue affects Hitachi Ops Center Analyzer: from 10.8.1-00 before 10.9.0-00 | |||||
| CVE-2022-37681 | 1 Hitachi | 2 Hc-ip9100hd, Hc-ip9100hd Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| Hitachi Kokusai Electric Inc ISnex HC-IP9100HD Version 1.07 and below allows attackers to perform a directory traversal via a crafted GET request to the endpoint /ptippage.cgi. | |||||
| CVE-2022-37680 | 1 Hitachi | 2 Hc-ip9100hd, Hc-ip9100hd Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| An improper authentication for critical function issue in Hitachi Kokusai Electric Network products for monitoring system (Camera, Decoder and Encoder) and bellow allows attckers to remotely reboot the device via a crafted POST request to the endpoint /ptipupgrade.cgi. Security information ID hitachi-sec-2022-001 contains fixes for the issue. | |||||
| CVE-2022-34883 | 3 Docker, Hitachi, Microsoft | 3 Docker, Raid Manager Storage Replication Adapter, Windows | 2024-11-21 | N/A | 7.2 HIGH |
| OS Command Injection vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to execute arbitrary OS commands. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows; 02.05.00 versions prior to 02.05.01 on Windows and Docker. | |||||
| CVE-2022-34882 | 3 Docker, Hitachi, Microsoft | 3 Docker, Raid Manager Storage Replication Adapter, Windows | 2024-11-21 | N/A | 9.0 CRITICAL |
| Information Exposure Through an Error Message vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to gain sensitive information. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows; 02.05.00 versions prior to 02.05.01 on Windows and Docker. | |||||
| CVE-2022-34881 | 3 Hitachi, Linux, Microsoft | 3 Jp1\/automatic Operation, Linux Kernel, Windows | 2024-11-21 | N/A | 3.3 LOW |
| Generation of Error Message Containing Sensitive Information vulnerability in Hitachi JP1/Automatic Operation allows local users to gain sensitive information. This issue affects JP1/Automatic Operation: from 10-00 through 10-54-03, from 11-00 before 11-51-09, from 12-00 before 12-60-01. | |||||
| CVE-2022-2637 | 1 Hitachi | 1 Storage Plug-in | 2024-11-21 | N/A | 5.4 MEDIUM |
| Incorrect Privilege Assignment vulnerability in Hitachi Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation.This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.0. | |||||
| CVE-2022-29922 | 1 Hitachi | 2 Microscada X Sys600, Sys600 | 2024-11-21 | N/A | 7.5 HIGH |
| Improper Input Validation vulnerability in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. The vulnerability may cause a denial-of-service on the IEC 61850 OPC Server part of the SYS600 product. This issue affects: Hitachi Energy MicroSCADA Pro SYS600 version 9.4 FP2 Hotfix 4 and earlier versions Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.0:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:* | |||||
| CVE-2021-45448 | 1 Hitachi | 1 Vantara Pentaho | 2024-11-21 | N/A | 7.1 HIGH |
| Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 using the Pentaho Analyzer plugin exposes a service endpoint for templates which allows a user-supplied path to access resources that are out of bounds. The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. By using special elements such as ".." and "/" separators, attackers can escape outside of the restricted location to access files or directories that are elsewhere on the system. | |||||