Hitachi

All CVEs

382 total · sorted by risk
  • CVE-2025-1245 · Med · May 16, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    Bypass Connection Restriction vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component), Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component). This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops…

  • CVE-2025-27631 · Med · Mar 25, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    The TRMTracker web application is vulnerable to LDAP injection attack potentially allowing an attacker to inject code into a query and execute remote commands that can read and update data on the website.

  • CVE-2024-12169 · Med · Mar 25, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    A vulnerability exists in RTU500 IEC 60870-5-104 controlled station functionality and IEC 61850 functionality, that allows an attacker performing a specific attack sequence to restart the affected CMU. This vulnerability only applies, if secure communication using IEC 62351-3…

  • CVE-2024-6697 · Med · Feb 20, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state. (CWE-280) …

  • CVE-2024-37363 · Med · Feb 20, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    The product does not perform an authorization check when an actor attempts to access a resource or perform an action. (CWE-862) Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0 and 9.3.0.8, including 8.3.x, do not correctly perform an…

  • CVE-2017-9295 · Med · May 29, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    XXE vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to read arbitrary files.

  • CVE-2026-2254 · Med · May 27, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, do not apply ACLs on certain API endpoints related to platform mail notifications.

  • CVE-2024-37362 · Med · Feb 20, 2025
    risk 0.41 · cvss 6.3 · epss 0.00

    The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. (CWE-522) Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.0 and 9.3.0.8, including…

  • CVE-2025-0758 · Med · Apr 16, 2025
    risk 0.40 · cvss 6.1 · epss 0.00

    Overview: The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. (CWE-732) Description: Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.2.0.2,…

  • CVE-2025-27632 · Med · Mar 25, 2025
    risk 0.40 · cvss 6.1 · epss 0.00

    A Host Header Injection vulnerability in TRMTracker application may allow an attacker by modifying the host header value in an HTTP request to leverage multiple attack vectors, including defacing the site content through web-cache poisoning.

  • CVE-2017-9297 · Med · May 29, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to redirect users to arbitrary web sites.

  • CVE-2017-9296 · Med · May 29, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Tuning Manager before 8.5.2-00 allows remote attackers to redirect authenticated users to arbitrary web sites.

  • CVE-2025-10217 · Med · Sep 30, 2025
    risk 0.39 · cvss · epss 0.00

    A vulnerability exists in Asset Suite for an authenticated user to manipulate the content of performance related log data or to inject crafted data in logfile for potentially carrying out further malicious attacks. Performance logging is typically enabled for troubleshooting…

  • CVE-2025-65116 · Med · Apr 7, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management…

  • CVE-2025-2300 · Med · Apr 22, 2025
    risk 0.36 · cvss 5.5 · epss 0.00

    Hitachi Ops Center Common Services within Hitachi Ops Center OVA contains an information exposure vulnerability. This issue affects Hitachi Ops Center Common Services: from 11.0.3-00 before 11.0.4-00.

  • CVE-2023-6814 · Med · Mar 12, 2024
    risk 0.36 · cvss 5.6 · epss 0.00

    Insertion of Sensitive Information into Log File vulnerability in Hitachi Cosminexus Component Container allows local users to gain sensitive information. This issue affects Cosminexus Component Container: from 11-30 before 11-30-05, from 11-20 before 11-20-07, from 11-10 before…

  • CVE-2024-8201 · Med · May 16, 2025
    risk 0.35 · cvss 5.4 · epss 0.00

    Cross-Site WebSocket Hijacking vulnerability in Hitachi Ops Center Analyzer (RAID Agent component). This issue affects Hitachi Ops Center Analyzer: from 10.8.0-00 before 11.0.4-00; Hitachi Ops Center Analyzer: from 10.9.0-00 before 11.0.4-00.

  • CVE-2017-9298 · Med · May 29, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    Cross-site scripting vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to execute arbitrary JavaScript code.

  • CVE-2025-2514 · Med · May 7, 2026
    risk 0.34 · cvss 5.3 · epss 0.00

    Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual…

  • CVE-2025-9122 · Med · Dec 15, 2025
    risk 0.34 · cvss 5.3 · epss 0.00

    Hitachi Vantara Pentaho Data Integration and Analytics Community Dashboard Framework prior to versions 10.2.0.4, including 9.3.0.x and 8.3.x display the full server stack trace when encountering an error within the GetCdfResource servlet.

  • CVE-2025-27524 · Med · May 15, 2025
    risk 0.34 · cvss 5.3 · epss 0.00

    Weak encryption vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows. This issue affects JP1/IT Desktop Management 2 - Smart Device Manager: from 12-00 before 12-00-08, from 11-10 through 11-10-08, from 11-00 through 11-00-05, from 10-50 through…

  • CVE-2024-9928 · Med · Nov 26, 2024
    risk 0.34 · cvss 5.3 · epss 0.00

    A vulnerability exists in NSD570 login panel that does not restrict excessive authentication attempts. If exploited, this could cause account takeover and unauthorized access to the system when an attacker conducts brute-force attacks against the equipment login. Note that the…

  • CVE-2025-24911 · Med · Apr 16, 2025
    risk 0.32 · cvss 4.9 · epss 0.00

    Overview: XML documents optionally contain a Document Type Definition (DTD), which, among other features, enables the definition of XML entities. It is possible to define an entity by providing a substitution string in the form of a URI. Once the content of the URI is…

  • CVE-2025-24910 · Med · Apr 16, 2025
    risk 0.32 · cvss 4.9 · epss 0.00

    Overview: XML documents optionally contain a Document Type Definition (DTD), which, among other features, enables the definition of XML entities. It is possible to define an entity by providing a substitution string in the form of a URI. Once the content of the URI is…

  • CVE-2024-11499 · Med · Mar 25, 2025
    risk 0.32 · cvss 4.9 · epss 0.00

    A vulnerability exists in RTU500 IEC 60870-4-104 controlled station functionality, that allows an authenticated and authorized attacker to perform a CMU restart. The vulnerability can be triggered if certificates are updated while in use on active connections. The affected CMU…

  • CVE-2024-6696 · Med · Feb 20, 2025
    risk 0.32 · cvss 4.9 · epss 0.00

    The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control…

  • CVE-2026-3314 · Med · May 26, 2026
    risk 0.30 · cvss 4.6 · epss 0.00

    Missing password field masking vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe modules), Hitachi Ops Center Analyzer viewpoint, Hitachi Infrastructure Analytics Advisor (Data Center Analytics, Analytics…

  • CVE-2026-7310 · Med · May 26, 2026
    risk 0.29 · cvss · epss 0.00

    A heap-based buffer overflow vulnerability exists in XML parser functionality in the HiDraw. An authenticated malicious user with local access can exploit this vulnerability using a specially crafted XML file which may lead to memory corruption and potential arbitrary code…

  • CVE-2025-24909 · Med · Apr 16, 2025
    risk 0.29 · cvss 4.4 · epss 0.00

    Overview: The software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a web page that is served to other users. (CWE-79) Description: Hitachi Vantara Pentaho Business Analytics…

  • CVE-2025-0757 · Med · Apr 16, 2025
    risk 0.29 · cvss 4.4 · epss 0.00

    Overview: The software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a web page that is served to other users. (CWE-79) Description: Hitachi Vantara Pentaho Business Analytics Server…

  • CVE-2024-10037 · Med · Mar 25, 2025
    risk 0.29 · cvss 4.4 · epss 0.00

    A vulnerability exists in the RTU500 web server component that can cause a denial of service to the RTU500 CMU application if a specially crafted message sequence is executed on a WebSocket connection. An attacker must be properly authenticated and the test mode function of…

  • CVE-2024-37360 · Med · Feb 19, 2025
    risk 0.29 · cvss 4.4 · epss 0.00

    Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') The software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a…

  • CVE-2024-22385 · Med · Jun 25, 2024
    risk 0.29 · cvss 4.4 · epss 0.00

    Incorrect Default Permissions vulnerability in Hitachi Storage Provider for VMware vCenter allows local users to read and write specific files. This issue affects Hitachi Storage Provider for VMware vCenter: from 3.1.0 before 3.7.4.

  • CVE-2023-6833 · Med · Apr 23, 2024
    risk 0.29 · cvss 4.4 · epss 0.00

    Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Administrator allows local users to gain sensitive information. This issue affects Hitachi Ops Center Administrator: before 11.0.1.

  • CVE-2026-2255 · Med · May 27, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Although the user should not see those explicitly, the defect is mitigated by…

  • CVE-2025-3624 · Med · May 16, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    Missing Authorization vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component). This issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.4-00.

  • CVE-2024-9929 · Med · Nov 26, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability exists in NSD570 that allows any authenticated user to access all device logs disclosing login information with timestamps.

  • CVE-2025-27525 · Low · May 15, 2025
    risk 0.25 · cvss 3.9 · epss 0.00

    Information Exposure vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows. This issue affects JP1/IT Desktop Management 2 - Smart Device Manager: from 12-00 before 12-00-08, from 11-10 through 11-10-08, from 11-00 through 11-00-05, from 10-50…

  • CVE-2022-43769 · KEV · Apr 3, 2023
    risk 0.23 · cvss · epss 0.98

    Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream.

  • CVE-2022-43939 · KEV · Apr 3, 2023
    risk 0.22 · cvss · epss 0.92

    Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be circumvented.

  • CVE-2005-0356 · May 31, 2005
    risk 0.10 · cvss · epss 0.83

    Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later…

  • CVE-2021-31602 · Nov 8, 2021
    risk 0.07 · cvss · epss 0.52

    An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. The Security Model has different layers of Access Control. One of these layers is the applicationContext security, which is defined in the…

  • CVE-2023-6538 · Dec 11, 2023
    risk 0.03 · cvss · epss 0.02

    SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in Storage, Server or combined Server+Storage administrative roles are able to access SMU configuration backup, that would normally be barred to…

  • CVE-2021-34684 · Nov 8, 2021
    risk 0.02 · cvss · epss 0.06

    Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unauthenticated user to execute arbitrary SQL queries on any Pentaho data source and thus retrieve data from the related databases, as demonstrated by an api/repos/dashboards/editor URI.

  • CVE-2005-3164 · Oct 6, 2005
    risk 0.01 · cvss · epss 0.07

    The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an…

  • CVE-2003-0564 · Dec 1, 2003
    risk 0.01 · cvss · epss 0.08

    Multiple vulnerabilities in multiple vendor implementations of the Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol allow remote attackers to cause a denial of service and possibly execute arbitrary code via an S/MIME email message containing certain unexpected…

  • CVE-2025-7737 · Jun 19, 2026
    risk 0.00 · cvss · epss 0.00

    DoS Vulnerability in 10G iSCSI Interface of Hitachi Virtual Storage Platform. This issue affects Hitachi Virtual Storage Platform E990, E1090, E1090H: before DKCMAIN Ver.93-07-21-80/00-05, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-01-80/00-07, CHB(iSCSI)…

  • CVE-2026-2072 · Mar 25, 2026
    risk 0.00 · cvss · epss 0.00

    Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor (Analytics probe component), Hitachi Ops Center Analyzer. This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.5-00.

  • CVE-2026-1166 · Mar 25, 2026
    risk 0.00 · cvss · epss 0.00

    Open Redirect vulnerability in Hitachi Ops Center Administrator. This issue affects Hitachi Ops Center Administrator: from 10.2.0 before 11.0.8.

  • CVE-2025-0976 · Feb 25, 2026
    risk 0.00 · cvss · epss 0.00

    Information Exposure Vulnerability in Hitachi Ops Center API Configuration Manager, Hitachi Configuration Manager. This issue affects Hitachi Ops Center API Configuration Manager: from 10.0.0-00 before 11.0.4-00; Hitachi Configuration Manager: from 8.6.1-00 before 11.0.5-00.

Page 2 of 8