CVE-2026-3314

Vulnerability

A missing password field masking vulnerability exists in Hitachi Ops Center Analyzer (detail view and probe modules), Hitachi Ops Center Analyzer viewpoint, and Hitachi Infrastructure Analytics Advisor (Data Center Analytics and Analytics probe modules). The affected versions are: Hitachi Ops Center Analyzer from 10.0.0-00 before 11.0.8-00, Hitachi Ops Center Analyzer viewpoint from 10.8.1-00 before 11.0.8-00, and Hitachi Infrastructure Analytics Advisor from 3.2.0-00 before 11.0.8-00 (with specific component versions as noted in the advisory [1]). The password fields are displayed in plaintext instead of being masked, allowing anyone who can view the interface to read the password.

Exploitation

An attacker with access to the user interface of any affected product—such as through shared terminal sessions, screen captures, or shoulder surfing—can directly read the plaintext password. No special privileges beyond normal UI access are required; the vulnerability is present during routine password entry or management operations.

Impact

Successful exploitation leads to disclosure of plaintext passwords, which could be used to gain unauthorized access to the affected system or other systems where the same credentials are reused. The confidentiality of authentication credentials is compromised.

Mitigation

Hitachi has released version 11.0.8-00 that fixes the issue. All affected products should be upgraded to this version or later. If upgrading is not immediately possible, administrative controls (e.g., restricting UI access) should be implemented as a workaround [1].