Vendor
Hitachi
Hitachi, Ltd. is a Japanese multinational conglomerate founded in 1910 and headquartered in Chiyoda, Tokyo. The company is active in various industries, including digital systems, power and renewable energy, railway systems, healthcare products, and financial systems. The company was founded as an electrical machinery manufacturing subsidiary of the Kuhara Mining Plant in Hitachi, Ibaraki, by engineer Namihei Odaira in 1910. It began operating as an independent company under its current name in 1920.
Founded 1910
Products
204
CVEs
111
Across products
2,413
Status
Private
Products
204- 417 CVEs
- 133 CVEs
- 122 CVEs
- 102 CVEs
- 86 CVEs
- 68 CVEs
- 63 CVEs
- 61 CVEs
- 52 CVEs
- 40 CVEs
- 40 CVEs
- 35 CVEs
- 34 CVEs
- 34 CVEs
- 32 CVEs
- 30 CVEs
- 28 CVEs
- 28 CVEs
- 25 CVEs
- 24 CVEs
- 22 CVEs
- 20 CVEs
- 20 CVEs
- 20 CVEs
- 20 CVEs
- 20 CVEs
- 19 CVEs
- 19 CVEs
- 18 CVEs
- 18 CVEs
- + 174 more — see CVE list below for full coverage.
Recent CVEs
111| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-9294 | Cri | 0.64 | 9.8 | 0.04 | May 29, 2017 | RMI vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to execute internal commands without authentication via RMI ports. | |
| CVE-2025-11158 | Cri | 0.59 | 9.1 | 0.00 | Mar 10, 2026 | Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of arbitrary scripts and leading to a RCE. | |
| CVE-2025-65115 | Hig | 0.57 | 8.8 | 0.00 | Apr 7, 2026 | Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows.This issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13. | |
| CVE-2025-1978 | Hig | 0.54 | 8.3 | 0.00 | May 7, 2026 | Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28. This issue affects Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28 : before DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00, before DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00, before DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00, before DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00, before DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00. | |
| CVE-2025-9661 | Hig | 0.53 | 8.1 | 0.00 | May 7, 2026 | OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28. This issue affects Hitachi Virtual Storage Platform One Block 23/24/26/28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00. | |
| CVE-2008-2169 | Hig | 0.49 | 7.5 | 0.01 | May 13, 2008 | Unspecified vulnerability in Avici routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372. | |
| CVE-2017-9295 | Med | 0.42 | 6.5 | 0.00 | May 29, 2017 | XXE vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to read arbitrary files. | |
| CVE-2017-9297 | Med | 0.40 | 6.1 | 0.00 | May 29, 2017 | Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to redirect users to arbitrary web sites. | |
| CVE-2017-9296 | Med | 0.40 | 6.1 | 0.00 | May 29, 2017 | Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Tuning Manager before 8.5.2-00 allows remote attackers to redirect authenticated users to arbitrary web sites. | |
| CVE-2025-65116 | Med | 0.36 | 5.5 | 0.00 | Apr 7, 2026 | Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows.This issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13. | |
| CVE-2017-9298 | Med | 0.35 | 5.4 | 0.00 | May 29, 2017 | Cross-site scripting vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to execute arbitrary JavaScript code. | |
| CVE-2005-0356 | 0.10 | — | 0.82 | May 31, 2005 | Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old. | ||
| CVE-2023-6538 | 0.03 | — | 0.05 | Dec 11, 2023 | SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in Storage, Server or combined Server+Storage administrative roles are able to access SMU configuration backup, that would normally be barred to those specific administrative roles. | ||
| CVE-2003-0564 | 0.03 | — | 0.36 | Dec 1, 2003 | Multiple vulnerabilities in multiple vendor implementations of the Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol allow remote attackers to cause a denial of service and possibly execute arbitrary code via an S/MIME email message containing certain unexpected ASN.1 constructs, as demonstrated using the NISSC test suite. | ||
| CVE-2004-0928 | 0.02 | — | 0.21 | Oct 5, 2004 | The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm". | ||
| CVE-2007-1093 | 0.01 | — | 0.10 | Feb 26, 2007 | Multiple unspecified vulnerabilities in JP1/Cm2/Network Node Manager (NNM) before 07-10-05, and before 08-00-02 in the 08-x series, allow remote attackers to execute arbitrary code, cause a denial of service, or trigger invalid Web utility behavior. | ||
| CVE-2006-6713 | 0.01 | — | 0.08 | Dec 23, 2006 | Buffer overflow in Hitachi Directory Server 2 P-2444-A124 before 02-11-/K on Windows, and P-1B44-A121 before 02-10-/V on HP-UX, allows remote attackers to execute arbitrary code via crafted LDAP requests. | ||
| CVE-2004-1478 | 0.01 | — | 0.07 | Dec 31, 2004 | JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user's HTTP session. | ||
| CVE-2023-5617 | 0.00 | — | 0.00 | Feb 28, 2024 | Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.6, including 9.5.x and 8.3.x, display the version of Tomcat when a server error is encountered. | ||
| CVE-2023-3517 | 0.00 | — | 0.00 | Dec 12, 2023 | Hitachi Vantara Pentaho Data Integration & Analytics versions before 9.5.0.1 and 9.3.0.5, including 8.3.x does not restrict JNDI identifiers during the creation of XActions, allowing control of system level data sources. |