Hitachi

All CVEs

382 total · sorted by risk
  • CVE-2023-4816 · Sep 11, 2023
    risk 0.00 · cvss · epss 0.01

    A vulnerability exists in the Equipment Tag Out authentication, when configured with Single Sign-On (SSO) with password validation in T214. This vulnerability can be exploited by an authenticated user performing an Equipment Tag Out holder action (Accept, Release, and Clear)…

  • CVE-2023-1995 · Aug 29, 2023
    risk 0.00 · cvss · epss 0.00

    Insufficient Logging vulnerability in Hitachi HiRDB Server, HiRDB Server With Additional Function, HiRDB Structured Data Access Facility. This issue affects HiRDB Server: before 09-60-39, before 09-65-23, before 09-66-17, before 10-01-10, before 10-03-12, before 10-04-06,…

  • CVE-2023-39986 · Aug 23, 2023
    risk 0.00 · cvss · epss 0.00

    ** UNSUPPORTED WHEN ASSIGNED ** Out-of-bounds Read vulnerability in Hitachi EH-VIEW (Designer) allows local attackers to potentially disclose information on affected EH-VIEW installations. User interaction is required to exploit the vulnerabilities in that the user must open a…

  • CVE-2023-39985 · Aug 23, 2023
    risk 0.00 · cvss · epss 0.00

    ** UNSUPPORTED WHEN ASSIGNED ** Out-of-bounds Write vulnerability in Hitachi EH-VIEW (Designer) allows local attackers to potentially execute arbitrary code on affected EH-VIEW installations. User interaction is required to exploit the vulnerabilities in that the user must open a…

  • CVE-2023-39984 · Aug 23, 2023
    risk 0.00 · cvss · epss 0.00

    ** UNSUPPORTED WHEN ASSIGNED ** Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hitachi EH-VIEW (KeypadDesigner) allows local attackers to potentially disclose information and execute arbitrary code on affected EH-VIEW installations. User…

  • CVE-2023-3495 · Aug 23, 2023
    risk 0.00 · cvss · epss 0.00

    ** UNSUPPORTED WHEN ASSIGNED ** Out-of-bounds Write vulnerability in Hitachi EH-VIEW (KeypadDesigner) allows local attackers to potentially execute arbitrary code on affected EH-VIEW installations. User interaction is required to exploit the vulnerabilities in that the user must…

  • CVE-2022-4608 · Jul 26, 2023
    risk 0.00 · cvss · epss 0.01

    A vulnerability exists in HCI IEC 60870-5-104 function included in certain versions of the RTU500 series product. The vulnerability can only be exploited, if the HCI 60870-5-104 is configured with support for IEC 62351-3. After session resumption interval is expired an RTU500…

  • CVE-2022-2502 · Jul 26, 2023
    risk 0.00 · cvss · epss 0.01

    A vulnerability exists in the HCI IEC 60870-5-104 function included in certain versions of the RTU500 series product. The vulnerability can only be exploited, if the HCI 60870-5-104 is configured with support for IEC 62351-5 and the CMU contains the license feature ‘Advanced…

  • CVE-2023-34143 · Jul 18, 2023
    risk 0.00 · cvss · epss 0.00

    Improper Validation of Certificate with Host Mismatch vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows Man in the Middle Attack. This issue affects Hitachi Device Manager: before…

  • CVE-2023-34142 · Jul 18, 2023
    risk 0.00 · cvss · epss 0.00

    Cleartext Transmission of Sensitive Information vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows Interception. This issue affects Hitachi Device Manager: before 8.8.5-02.

  • CVE-2022-4146 · Jul 18, 2023
    risk 0.00 · cvss · epss 0.00

    Expression Language Injection vulnerability in Hitachi Replication Manager on Windows, Linux, Solaris allows Code Injection. This issue affects Hitachi Replication Manager: before 8.8.5-02.

  • CVE-2020-36695 · Jul 18, 2023
    risk 0.00 · cvss · epss 0.00

    Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux (Device Manager Server component), Hitachi Tiered Storage Manager on Linux, Hitachi Replication Manager on Linux, Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager…

  • CVE-2023-2625 · Jun 28, 2023
    risk 0.00 · cvss · epss 0.00

    A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, having any level of access VIEWER to ADMIN. To exploit the vulnerability the attacker can inject shell commands through a particular field of…

  • CVE-2023-26298 · Jun 12, 2023
    risk 0.00 · cvss · epss 0.02

    Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.

  • CVE-2023-26297 · Jun 12, 2023
    risk 0.00 · cvss · epss 0.02

    Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.

  • CVE-2023-26296 · Jun 12, 2023
    risk 0.00 · cvss · epss 0.02

    Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.

  • CVE-2023-26295 · Jun 12, 2023
    risk 0.00 · cvss · epss 0.02

    Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.

  • CVE-2023-26294 · Jun 12, 2023
    risk 0.00 · cvss · epss 0.01

    Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.

  • CVE-2023-1711 · May 30, 2023
    risk 0.00 · cvss · epss 0.00

    A vulnerability exists in a FOXMAN-UN and UNEM logging component, it only affects systems that use remote authentication to the network elements. If exploited an attacker could obtain confidential information. List of CPEs: * cpe:2.3:a:hitachienergy:foxman_un:R9C:*:*:*:*:*…

  • CVE-2022-4815 · May 24, 2023
    risk 0.00 · cvss · epss 0.01

    Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x deserialize untrusted JSON data without constraining the parser to approved classes and methods. 

  • CVE-2023-1158 · May 24, 2023
    risk 0.00 · cvss · epss 0.00

    Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x expose dashboard prompts to users who are not part of the authorization list. 

  • CVE-2023-30469 · May 23, 2023
    risk 0.00 · cvss · epss 0.00

    Cross-site Scripting vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component) allows Reflected XSS. This issue affects Hitachi Ops Center Analyzer: from 10.9.1-00 before 10.9.2-00.

  • CVE-2022-43770 · Apr 11, 2023
    risk 0.00 · cvss · epss 0.00

    Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.4 and 8.3.0.27 do not correctly perform an authorization check in the dashboard editor plugin API.

  • CVE-2022-3695 · Apr 11, 2023
    risk 0.00 · cvss · epss 0.00

    Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.3.0.0, 9.2.0.4 and 8.3.0.27 allows a malicious URL to inject content into a dashboard when the CDE plugin is present.

  • CVE-2022-4771 · Apr 3, 2023
    risk 0.00 · cvss · epss 0.00

    Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allows a malicious URL to inject content into the Pentaho User Console through session variables.

  • CVE-2022-4770 · Apr 3, 2023
    risk 0.00 · cvss · epss 0.00

    Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x displays the full parametrized SQL query in an error message when an invalid character is used within a Pentaho Report (*.prpt).

  • CVE-2022-4769 · Apr 3, 2023
    risk 0.00 · cvss · epss 0.00

    Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x displays the target path on host when a file is uploaded with an invalid character in its name.

  • CVE-2022-43772 · Apr 3, 2023
    risk 0.00 · cvss · epss 0.00

    Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x with the Big Data Plugin expose the username and password of clusters in clear text into system logs. 

  • CVE-2022-3960 · Apr 3, 2023
    risk 0.00 · cvss · epss 0.00

    Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of the Community Dashboard Editor (CDE) plugin. 

  • CVE-2022-43941 · Apr 3, 2023
    risk 0.00 · cvss · epss 0.01

    Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity Reference. 

  • CVE-2022-43771 · Apr 3, 2023
    risk 0.00 · cvss · epss 0.24

    Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x, using the Pentaho Data Access plugin exposes a service endpoint for CSV import which allows a user supplied path to access resources that are out of bounds.  

  • CVE-2022-43940 · Apr 3, 2023
    risk 0.00 · cvss · epss 0.01

    Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly perform an authorization check in the data source management service. 

  • CVE-2022-43938 · Apr 3, 2023
    risk 0.00 · cvss · epss 0.27

    Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of Pentaho Reports (*.prpt) through the JVM script manager. 

  • CVE-2022-43773 · Apr 3, 2023
    risk 0.00 · cvss · epss 0.22

    Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x is installed with a sample HSQLDB data source configured with stored procedures enabled. 

  • CVE-2022-3685 · Mar 28, 2023
    risk 0.00 · cvss · epss 0.00

    A vulnerability exists in the SDM600 software. The software operates at a privilege level that is higher than the minimum level required. An attacker who successfully exploits this vulnerability can escalate privileges. This issue affects: All SDM600 versions prior to…

  • CVE-2022-3686 · Mar 28, 2023
    risk 0.00 · cvss · epss 0.01

    A vulnerability exists in a SDM600 endpoint. An attacker could exploit this vulnerability by running multiple parallel requests, the SDM600 web services become busy rendering the application unresponsive. This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4…

  • CVE-2022-3684 · Mar 28, 2023
    risk 0.00 · cvss · epss 0.01

    A vulnerability exists in a SDM600 endpoint. An attacker could exploit this vulnerability by running multiple parallel requests, the SDM600 web services become busy rendering the application unresponsive. This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4…

  • CVE-2022-3683 · Mar 28, 2023
    risk 0.00 · cvss · epss 0.00

    A vulnerability exists in the SDM600 API web services authorization validation implementation. An attacker who successfully exploits the vulnerability could read data directly from a data store that is not restricted, or insufficiently protected, having access to sensitive…

  • CVE-2022-3682 · Mar 28, 2023
    risk 0.00 · cvss · epss 0.01

    A vulnerability exists in the SDM600 file permission validation. An attacker could exploit the vulnerability by gaining access to the system and uploading a specially crafted message to the system node, which could result in arbitrary code execution. This issue affects: All…

  • CVE-2020-36652 · Feb 28, 2023
    risk 0.00 · cvss · epss 0.00

    Incorrect Default Permissions vulnerability in Hitachi Automation Director on Linux, Hitachi Infrastructure Analytics Advisor on Linux (Hitachi Infrastructure Analytics Advisor, Analytics probe server components), Hitachi Ops Center Automator on Linux, Hitachi Ops Center…

  • CVE-2022-4895 · Feb 28, 2023
    risk 0.00 · cvss · epss 0.00

    Improper Certificate Validation vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component) allows Man in the Middle Attack. This issue affects Hitachi Infrastructure Analytics…

  • CVE-2022-3884 · Feb 28, 2023
    risk 0.00 · cvss · epss 0.00

    Incorrect Default Permissions vulnerability in Hitachi Ops Center Analyzer on Windows (Hitachi Ops Center Analyzer RAID Agent component) allows local users to read and write specific files. This issue affects Hitachi Ops Center Analyzer: from 10.9.0-00 before 10.9.0-01.

  • CVE-2022-3353 · Feb 21, 2023
    risk 0.00 · cvss · epss 0.01

    A vulnerability exists in the IEC 61850 communication stack that affects multiple Hitachi Energy products. An attacker could exploit the vulnerability by using a specially crafted message sequence, to force the IEC 61850 MMS-server communication stack, to stop accepting…

  • CVE-2022-4441 · Jan 31, 2023
    risk 0.00 · cvss · epss 0.01

    Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.9.0 before 04.9.1.

  • CVE-2022-4041 · Jan 31, 2023
    risk 0.00 · cvss · epss 0.01

    Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.1.

  • CVE-2020-36611 · Jan 17, 2023
    risk 0.00 · cvss · epss 0.00

    Incorrect Default Permissions vulnerability in Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS, Hitachi Tuning Manager - Agent for SAN Switch components) allows local users to read…

  • CVE-2022-2155 · Jan 12, 2023
    risk 0.00 · cvss · epss 0.00

    A vulnerability exists in the affected versions of Lumada APM’s User Asset Group feature due to a flaw in access control mechanism implementation on the “Limited Engineer” role, granting it access to the embedded Power BI reports feature. An attacker that manages to…

  • CVE-2021-26355 · Jan 10, 2023
    risk 0.00 · cvss · epss 0.00

    Insufficient fencing and checks in System Management Unit (SMU) may result in access to invalid message port registers that could result in a potential denial-of-service.

  • CVE-2022-3929 · Jan 5, 2023
    risk 0.00 · cvss · epss 0.00

    Communication between the client and the server application of the affected products is partially done using CORBA (Common Object Request Broker Architecture) over TCP/IP. This protocol is not encrypted and allows tracing of internal messages. This issue affects * …

  • CVE-2022-3928 · Jan 5, 2023
    risk 0.00 · cvss · epss 0.00

    Hardcoded credential is found in affected products' message queue. An attacker that manages to exploit this vulnerability will be able to access data to the internal message queue. This issue affects * FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B,…

Page 4 of 8