CVE-2025-3624

Vulnerability

Overview

Hitachi Ops Center Analyzer (version 10.0.0-00 before 11.0.4-00) suffers from a missing authorization vulnerability in its detail view component. The issue is classified as CWE-862 (Missing Authorization) [1]. This means the software fails to properly enforce access controls for certain functionality, allowing an attacker to perform operations without proper authentication or privileges [1].

Attack

Vector and Exploitation

The vulnerability exists in the detail view component of Hitachi Ops Center Analyzer. To exploit this issue, an attacker would require network access to the affected component. The exact attack vector is not detailed, but the missing authorization suggests that requests to view or modify details may be processed without adequate permission checks. The CVSS v3 base score is 4.3 (Medium) with a vector string indicating network attack vector and low complexity, but requiring some level of privileges [1].

Impact

An attacker who successfully exploits this vulnerability could gain unauthorized access to detailed view functionality. This may lead to information disclosure or unauthorized modifications within the affected system. The impact is limited by the low scope of the vulnerability, as reflected by the medium severity rating [1].

Mitigation

Hitachi has addressed this vulnerability in Ops Center Analyzer version 11.0.4-00. Users running version 10.0.0-00 or later, but prior to 11.0.4-00, are advised to update to the fixed version to remediate the issue [1].