Lucene search

HitachiCVELIST:CVE-2021-28052

HistorySep 26, 2022 - 3:10 p.m.

CVE-2021-28052 Hitachi Content Platform Information Disclosure Vulnerability

2022-09-2615:10:26

CWE-264

Hitachi

www.cve.org

hitachi content platform

information disclosure

vulnerability

unauthorized access

data

hitachi vantara

configuration

tenant maintenance

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

28.4%

JSON

A tenant administrator Hitachi Content Platform (HCP) may modify the configuration in another tenant without authorization, potentially allowing unauthorized access to data in the other tenant. Also, a tenant user (non-administrator) may view configuration in another tenant without authorization. This issue affects: Hitachi Vantara Hitachi Content Platform versions prior to 8.3.7; 9.0.0 versions prior to 9.2.3.

CNA Affected

[
  {
    "product": "Hitachi Content Platform",
    "vendor": "Hitachi Vantara",
    "versions": [
      {
        "lessThan": "8.3.7",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "9.2.3",
        "status": "affected",
        "version": "9.0.0",
        "versionType": "custom"
      }
    ]
  }
]

References

knowledge.hitachivantara.com/Security/HCP_Multitenancy_Vulnerability

www.hitachi.com/hirt/hitachi-sec/2021/604.html

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

28.4%

JSON

Related for CVELIST:CVE-2021-28052