SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in a Storage administrative role are able to access HNAS configuration backup and diagnostic data, that would normally be barred to that specific administrative role.
CPE | Name | Operator | Version |
---|---|---|---|
vantara_hitachi_network_attached_storage | le | 14.8.7825.01 |