CVE-2020-36652 File and Directory Permissions Vulnerability in Hitachi Automation Director, Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center

🗓️ 28 Feb 2023 02:06:32Reported by HitachiType

Incorrect Default Permissions vulnerability in Hitachi products allowing local users to read and write specific file

Reporter	Title	Published	Views	Family All 12
BDU FSTEC	The vulnerability of Hitachi software lies in improper default permissions, which allow attackers to read and write certain files.	28 Mar 202300:00	–	bdu_fstec
Circl	CVE-2020-36652	28 Feb 202307:27	–	circl
CNNVD	Hitachi Infrastructure Analytics Advisor 安全漏洞	28 Feb 202300:00	–	cnnvd
CVE	CVE-2020-36652	28 Feb 202302:06	–	cve
EUVD	EUVD-2020-24099	7 Oct 202500:30	–	euvd
Japan Vulnerability Notes	File and Directory Permissions Vulnerability in Hitachi Automation Director, Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center	1 Mar 202307:59	–	jvn
NVD	CVE-2020-36652	28 Feb 202303:15	–	nvd
OSV	CVE-2020-36652	28 Feb 202303:15	–	osv
Prion	Design/Logic Flaw	28 Feb 202303:15	–	prion
Positive Technologies	PT-2023-2012 · Hitachi · Hitachi Infrastructure Analytics Advisor +4	28 Feb 202300:00	–	ptsecurity

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "Hitachi Automation Director",
    "vendor": "Hitachi",
    "versions": [
      {
        "lessThanOrEqual": "10.6.1-00",
        "status": "affected",
        "version": "8.2.0-00",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "modules": [
      "Hitachi Infrastructure Analytics Advisor",
      "Analytics probe server"
    ],
    "platforms": [
      "Linux"
    ],
    "product": "Hitachi Infrastructure Analytics Advisor",
    "vendor": "Hitachi",
    "versions": [
      {
        "lessThanOrEqual": "4.0.0-00",
        "status": "affected",
        "version": "2.0.0-00",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "Hitachi Ops Center Automator",
    "vendor": "Hitachi",
    "versions": [
      {
        "changes": [
          {
            "at": "10.9.1-00",
            "status": "unaffected"
          }
        ],
        "lessThan": "10.9.1-00",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "modules": [
      "Hitachi Ops Center Analyzer",
      "Analyzer probe server"
    ],
    "platforms": [
      "Linux"
    ],
    "product": "Hitachi Ops Center Analyzer",
    "vendor": "Hitachi",
    "versions": [
      {
        "changes": [
          {
            "at": "10.9.1-00",
            "status": "unaffected"
          }
        ],
        "lessThan": "10.9.1-00",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "modules": [
      "Viewpoint RAID Agent"
    ],
    "platforms": [
      "Linux"
    ],
    "product": "Hitachi Ops Center Viewpoint",
    "vendor": "Hitachi",
    "versions": [
      {
        "changes": [
          {
            "at": "10.9.1-00",
            "status": "unaffected"
          }
        ],
        "lessThan": "10.9.1-00",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
hitachi	www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-106/index.html

28 Feb 2023 02:06Current

6.8Medium risk

Vulners AI Score6.8

CVSS 3.16.6

EPSS0.00032

CWE-276