All the vulnerabilites related to Hitachi - Hitachi Compute Systems Manager
cve-2020-36695
Vulnerability from cvelistv5
Published
2023-07-18 01:59
Modified
2024-10-21 19:04
Severity ?
EPSS score ?
Summary
File and Directory Permission Vulnerability in Hitachi Command Suite
References
▼ | URL | Tags |
---|---|---|
https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-124/index.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Hitachi | Hitachi Device Manager |
Version: 0 < 8.8.5-02 |
||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T17:37:05.235Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-124/index.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2020-36695", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-21T18:55:34.277350Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-21T19:04:12.419Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "modules": [ "Device Manager Server" ], "platforms": [ "Linux" ], "product": "Hitachi Device Manager", "vendor": "Hitachi", "versions": [ { "changes": [ { "at": "8.8.5-02", "status": "unaffected" } ], "lessThan": "8.8.5-02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "Hitachi Tiered Storage Manager", "vendor": "Hitachi", "versions": [ { "changes": [ { "at": "8.8.5-02", "status": "unaffected" } ], "lessThan": "8.8.5-02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "Hitachi Replication Manager", "vendor": "Hitachi", "versions": [ { "changes": [ { "at": "8.8.5-02", "status": "unaffected" } ], "lessThan": "8.8.5-02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "modules": [ "Hitachi Tuning Manager server", "Hitachi Tuning Manager - Agent for RAID", "Hitachi Tuning Manager - Agent for NAS" ], "platforms": [ "Linux" ], "product": "Hitachi Tuning Manager", "vendor": "Hitachi", "versions": [ { "changes": [ { "at": "8.8.5-02", "status": "unaffected" } ], "lessThan": "8.8.5-02", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "Hitachi Compute Systems Manager", "vendor": "Hitachi", "versions": [ { "changes": [ { "at": "8.8.3-08", "status": "unaffected" } ], "lessThan": "8.8.3-08", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux (Device Manager Server component), Hitachi Tiered Storage Manager on Linux, Hitachi Replication Manager on Linux, Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS \n\ncomponents), Hitachi Compute Systems Manager on Linux allows File Manipulation.\u003cp\u003eThis issue affects Hitachi Device Manager: before 8.8.5-02; Hitachi Tiered Storage Manager: before 8.8.5-02; Hitachi Replication Manager: before 8.8.5-02; Hitachi Tuning Manager: before 8.8.5-02; Hitachi Compute Systems Manager: before 8.8.3-08.\u003c/p\u003e" } ], "value": "Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux (Device Manager Server component), Hitachi Tiered Storage Manager on Linux, Hitachi Replication Manager on Linux, Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS \n\ncomponents), Hitachi Compute Systems Manager on Linux allows File Manipulation.This issue affects Hitachi Device Manager: before 8.8.5-02; Hitachi Tiered Storage Manager: before 8.8.5-02; Hitachi Replication Manager: before 8.8.5-02; Hitachi Tuning Manager: before 8.8.5-02; Hitachi Compute Systems Manager: before 8.8.3-08.\n\n" } ], "impacts": [ { "capecId": "CAPEC-165", "descriptions": [ { "lang": "en", "value": "CAPEC-165 File Manipulation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-18T01:59:31.566Z", "orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82", "shortName": "Hitachi" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-124/index.html" } ], "source": { "advisory": "hitachi-sec-2023-124", "discovery": "UNKNOWN" }, "title": "File and Directory Permission Vulnerability in Hitachi Command Suite", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82", "assignerShortName": "Hitachi", "cveId": "CVE-2020-36695", "datePublished": "2023-07-18T01:59:31.566Z", "dateReserved": "2023-06-06T01:32:00.408Z", "dateUpdated": "2024-10-21T19:04:12.419Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }