XXE Vulnerability in Hitachi Device Manager and Hitachi Replication Manager
CVE-2017-9295

6.5MEDIUM

Key Information:

Vendor: Hitachi
Status: Device Manager
Vendor: CVE Published:; 29 May 2017

What is CVE-2017-9295?

An XML External Entity (XXE) vulnerability exists in Hitachi Device Manager prior to version 8.5.2-01 and Hitachi Replication Manager prior to version 8.5.2-00. This security flaw enables authenticated remote users to exploit the affected software, allowing them to read arbitrary files from the system. Such vulnerabilities can lead to serious data breaches and pose significant risks to users' sensitive information.

References

http://www.hitachi.co.jp/Prod/comp/soft1/global/security/...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/98761

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 29, 2017
Vulnerability Reserved
May 29, 2017