CVE-2023-6814 (GCVE-0-2023-6814)
Vulnerability from cvelistv5
Published
2024-03-12 03:39
Modified
2024-08-02 08:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Summary
Insertion of Sensitive Information into Log File vulnerability in Hitachi Cosminexus Component Container allows local users to gain sensitive information.This issue affects Cosminexus Component Container: from 11-30 before 11-30-05, from 11-20 before 11-20-07, from 11-10 before 11-10-10, from 11-00 before 11-00-12, All versions of V8 and V9.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hitachi | Cosminexus Component Container |
Version: 11-30 < 11-30-05 Version: 11-20 < 11-20-07 Version: 11-10 < 11-10-10 Version: 11-00 < 11-00-12 Version: 08-00 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6814",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-12T13:30:31.864165Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-28T01:57:04.242Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:42:07.404Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-118/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cosminexus Component Container",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "11-30-05",
"status": "unaffected"
}
],
"lessThan": "11-30-05",
"status": "affected",
"version": "11-30",
"versionType": "custom"
},
{
"changes": [
{
"at": "11-20-07",
"status": "unaffected"
}
],
"lessThan": "11-20-07",
"status": "affected",
"version": "11-20",
"versionType": "custom"
},
{
"changes": [
{
"at": "11-10-10",
"status": "unaffected"
}
],
"lessThan": "11-10-10",
"status": "affected",
"version": "11-10",
"versionType": "custom"
},
{
"changes": [
{
"at": "11-00-12",
"status": "unaffected"
}
],
"lessThan": "11-00-12",
"status": "affected",
"version": "11-00",
"versionType": "custom"
},
{
"lessThanOrEqual": "09-*",
"status": "affected",
"version": "08-00",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insertion of Sensitive Information into Log File vulnerability in Hitachi Cosminexus Component Container allows local users to gain sensitive information.\u003cp\u003eThis issue affects Cosminexus Component Container: from 11-30 before 11-30-05, from 11-20 before 11-20-07, from 11-10 before 11-10-10, from 11-00 before 11-00-12, All versions of V8 and V9.\u003c/p\u003e"
}
],
"value": "Insertion of Sensitive Information into Log File vulnerability in Hitachi Cosminexus Component Container allows local users to gain sensitive information.This issue affects Cosminexus Component Container: from 11-30 before 11-30-05, from 11-20 before 11-20-07, from 11-10 before 11-10-10, from 11-00 before 11-00-12, All versions of V8 and V9.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-114 Authentication Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-16T03:10:06.839Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-118/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2024-118",
"discovery": "UNKNOWN"
},
"title": "Information Exposure Vulnerability in Cosminexus Component Container",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2023-6814",
"datePublished": "2024-03-12T03:39:22.392Z",
"dateReserved": "2023-12-14T02:26:36.719Z",
"dateUpdated": "2024-08-02T08:42:07.404Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2023-6814\",\"sourceIdentifier\":\"hirt@hitachi.co.jp\",\"published\":\"2024-03-12T04:15:08.257\",\"lastModified\":\"2024-11-21T08:44:36.760\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Insertion of Sensitive Information into Log File vulnerability in Hitachi Cosminexus Component Container allows local users to gain sensitive information.This issue affects Cosminexus Component Container: from 11-30 before 11-30-05, from 11-20 before 11-20-07, from 11-10 before 11-10-10, from 11-00 before 11-00-12, All versions of V8 and V9.\\n\\n\"},{\"lang\":\"es\",\"value\":\"La vulnerabilidad de inserci\u00f3n de informaci\u00f3n confidencial en el archivo de registro en Hitachi Cosminexus Component Container permite a los usuarios locales obtener informaci\u00f3n confidencial. Este problema afecta a Cosminexus Component Container: del 30 de noviembre al 30 de noviembre de 2005, del 20 de noviembre al 20 de noviembre de 2011. del 11-10 al 11-10-*, de 11-00 antes del 11-00-12, Todas las versiones de V8 y V9.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"hirt@hitachi.co.jp\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":5.6,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.1,\"impactScore\":4.0}]},\"weaknesses\":[{\"source\":\"hirt@hitachi.co.jp\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-532\"}]}],\"references\":[{\"url\":\"https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-118/index.html\",\"source\":\"hirt@hitachi.co.jp\"},{\"url\":\"https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-118/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-6814\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-03-12T13:30:31.864165Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-06-28T01:57:01.718Z\"}}], \"cna\": {\"title\": \"Information Exposure Vulnerability in Cosminexus Component Container\", \"source\": {\"advisory\": \"hitachi-sec-2024-118\", \"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"capecId\": \"CAPEC-114\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-114 Authentication Abuse\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 5.6, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Hitachi\", \"product\": \"Cosminexus Component Container\", \"versions\": [{\"status\": \"affected\", \"changes\": [{\"at\": \"11-30-05\", \"status\": \"unaffected\"}], \"version\": \"11-30\", \"lessThan\": \"11-30-05\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"changes\": [{\"at\": \"11-20-07\", \"status\": \"unaffected\"}], \"version\": \"11-20\", \"lessThan\": \"11-20-07\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"changes\": [{\"at\": \"11-10-10\", \"status\": \"unaffected\"}], \"version\": \"11-10\", \"lessThan\": \"11-10-10\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"changes\": [{\"at\": \"11-00-12\", \"status\": \"unaffected\"}], \"version\": \"11-00\", \"lessThan\": \"11-00-12\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"08-00\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"09-*\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-118/index.html\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Insertion of Sensitive Information into Log File vulnerability in Hitachi Cosminexus Component Container allows local users to gain sensitive information.This issue affects Cosminexus Component Container: from 11-30 before 11-30-05, from 11-20 before 11-20-07, from 11-10 before 11-10-10, from 11-00 before 11-00-12, All versions of V8 and V9.\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Insertion of Sensitive Information into Log File vulnerability in Hitachi Cosminexus Component Container allows local users to gain sensitive information.\u003cp\u003eThis issue affects Cosminexus Component Container: from 11-30 before 11-30-05, from 11-20 before 11-20-07, from 11-10 before 11-10-10, from 11-00 before 11-00-12, All versions of V8 and V9.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-532\", \"description\": \"CWE-532 Insertion of Sensitive Information into Log File\"}]}], \"providerMetadata\": {\"orgId\": \"50d0f415-c707-4733-9afc-8f6c0e9b3f82\", \"shortName\": \"Hitachi\", \"dateUpdated\": \"2024-04-16T03:10:06.839Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-6814\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-06-28T01:57:04.242Z\", \"dateReserved\": \"2023-12-14T02:26:36.719Z\", \"assignerOrgId\": \"50d0f415-c707-4733-9afc-8f6c0e9b3f82\", \"datePublished\": \"2024-03-12T03:39:22.392Z\", \"assignerShortName\": \"Hitachi\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…