CVE-2020-36605

File Permissions Vulnerability in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer, Hitachi Ops Center Viewpoint

CVSS 6.6 MEDIUMEPSS 0.1%CWE-276

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 6.6EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

01 Nov 2022Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Incorrect Default Permissions vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00; Hitachi Ops Center Viewpoint: from 10.8.0-00 before 10.9.0-00.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

Affected products

Hitachi · Hitachi Infrastructure Analytics Advisor Hitachi · Hitachi Ops Center Analyzer Hitachi · Hitachi Ops Center Viewpoint

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2022-134/index.html