VYPR
Vendor

Hitachi

Hitachi, Ltd. is a Japanese multinational conglomerate founded in 1910 and headquartered in Chiyoda, Tokyo. The company is active in various industries, including digital systems, power and renewable energy, railway systems, healthcare products, and financial systems. The company was founded as an electrical machinery manufacturing subsidiary of the Kuhara Mining Plant in Hitachi, Ibaraki, by engineer Namihei Odaira in 1910. It began operating as an independent company under its current name in 1920.

Founded 1910
Products
240
CVEs
382
Across products
325
Status
Private

Products

240
View all 240 products →

Recent CVEs

382
View all 382 CVEs →
  • CVE-2024-37361CriFeb 20, 2025
    risk 0.64cvss 9.9epss 0.00

    The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid. (CWE-502)   Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0 and 9.3.0.9, including 8.3.x, deserialize untrusted JSON data without…

  • CVE-2022-36407CriMar 25, 2024
    risk 0.64cvss 9.9epss 0.01

    Insertion of Sensitive Information into Log File vulnerability in Hitachi Virtual Storage Platform, Hitachi Virtual Storage Platform VP9500, Hitachi Virtual Storage Platform G1000, G1500, Hitachi Virtual Storage Platform F1500, Hitachi Virtual Storage Platform 5100, 5500, 5100H,…

  • CVE-2017-9294CriMay 29, 2017
    risk 0.64cvss 9.8epss 0.02

    RMI vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to execute internal commands without authentication via RMI ports.

  • CVE-2024-10205CriDec 17, 2024
    risk 0.61cvss 9.4epss 0.01

    Authentication Bypass vulnerability in Hitachi Ops Center Analyzer on Linux, 64 bit (Hitachi Ops Center Analyzer detail view component), Hitachi Infrastructure Analytics Advisor on Linux, 64 bit (Hitachi Data Center Analytics component ).This issue affects Hitachi Ops Center…

  • CVE-2025-11159CriMay 13, 2026
    risk 0.59cvss 9.1epss 0.00

    Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data source administrator.

  • CVE-2025-11158CriMar 10, 2026
    risk 0.59cvss 9.1epss 0.00

    Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of arbitrary scripts and leading to a RCE.

  • CVE-2025-0756CriApr 16, 2025
    risk 0.59cvss 9.1epss 0.01

    Overview   The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control. (CWE-99)   Description   …

  • CVE-2024-5706HigFeb 19, 2025
    risk 0.58cvss 8.8epss 0.01

    The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control. (CWE-99)  Hitachi Vantara Pentaho Data Integration &…

  • CVE-2025-65115HigApr 7, 2026
    risk 0.57cvss 8.8epss 0.01

    Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job…

  • CVE-2025-7740HigJan 28, 2026
    risk 0.57cvss epss 0.00

    Default credentials vulnerability exists in SuprOS product. If exploited, this could allow an authenticated local attacker to use an admin account created during product deployment.

  • CVE-2025-1036HigOct 28, 2025
    risk 0.57cvss epss 0.01

    Command injection vulnerability exists in the “Logging” page of the web-based configuration utility. An authenticated user with low privileged network access for the configuration utility can execute arbitrary commands on the underlying OS to obtain root SSH access to the…

  • CVE-2025-27523HigMay 15, 2025
    risk 0.57cvss 8.7epss 0.00

    XXE vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows.This issue affects JP1/IT Desktop Management 2 - Smart Device Manager: from 12-00 before 12-00-08, from 11-10 through 11-10-08, from 11-00 through 11-00-05, from 10-50 through 10-50-06.

  • CVE-2024-5705HigFeb 19, 2025
    risk 0.57cvss 8.8epss 0.00

    The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions. (CWE-863)     Hitachi Vantara Pentaho Business…

  • CVE-2016-10701HigNov 28, 2017
    risk 0.57cvss 8.8epss 0.01

    In Hitachi Vantara Pentaho BA Platform through 8.0, a CSRF issue exists in the Business Analytics application.

  • CVE-2024-37359HigFeb 19, 2025
    risk 0.56cvss 8.6epss 0.00

    The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. (CWE-918)   Hitachi Vantara Pentaho Business Analytics…

  • CVE-2024-28981HigSep 12, 2024
    risk 0.55cvss 8.5epss 0.00

    Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when searching metadata injectable fields.

  • CVE-2025-1978HigMay 7, 2026
    risk 0.54cvss 8.3epss 0.01

    Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H,…

  • CVE-2025-9661HigMay 7, 2026
    risk 0.53cvss 8.1epss 0.01

    OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28. This issue affects Hitachi Virtual Storage Platform One Block 23/24/26/28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00.

  • CVE-2026-2459HigFeb 24, 2026
    risk 0.53cvss 8.1epss 0.00

    A vulnerability exists in REB500 for an authenticated user with Installer role to access and alter the contents of directories that the role is not authorized to do so.

  • CVE-2025-66444HigDec 24, 2025
    risk 0.53cvss 8.2epss 0.00

    Cross-site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component) and Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center…