Lucene search

[email protected]NVD:CVE-2021-28052

HistorySep 26, 2022 - 4:15 p.m.

CVE-2021-28052

2022-09-2616:15:10

CWE-862

CWE-264

[email protected]

web.nvd.nist.gov

hitachi content platform

unauthorized access

data

tenant administrator

tenant user

hitachi vantara

version vulnerability

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

28.4%

JSON

A tenant administrator Hitachi Content Platform (HCP) may modify the configuration in another tenant without authorization, potentially allowing unauthorized access to data in the other tenant. Also, a tenant user (non-administrator) may view configuration in another tenant without authorization. This issue affects: Hitachi Vantara Hitachi Content Platform versions prior to 8.3.7; 9.0.0 versions prior to 9.2.3.

Affected configurations

Nvd

Node

hitachvantaraRange<8.3.7

hitachvantaraRange9.0.0–9.2.3

VendorProductVersionCPE
hitachvantara*cpe:2.3:a:hitach:vantara:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hitach	vantara	*	cpe:2.3:a:hitach:vantara::::::::

References

knowledge.hitachivantara.com/Security/HCP_Multitenancy_Vulnerability

www.hitachi.com/hirt/hitachi-sec/2021/604.html

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

28.4%

JSON

Related for NVD:CVE-2021-28052

prion1 cnvd1 cve1 cvelist1