File and Directory Permissions Vulnerability in Hitachi Automation Director, Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center
CVE-2020-36652

6.6MEDIUM

Key Information:

Vendor: Hitachi
Status: Hitachi Automation Director; Hitachi Infrastructure Analytics Advisor; Hitachi Ops Center Automator; Hitachi Ops Center Analyzer
Vendor: CVE Published:; 28 February 2023

What is CVE-2020-36652?

Incorrect Default Permissions vulnerability in Hitachi Automation Director on Linux, Hitachi Infrastructure Analytics Advisor on Linux (Hitachi Infrastructure Analytics Advisor, Analytics probe server components), Hitachi Ops Center Automator on Linux, Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer, Analyzer probe server components), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files.

This issue affects Hitachi Automation Director:

from 8.2.0-00 through 10.6.1-00; Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.0.0-00; Hitachi Ops Center Automator: before 10.9.1-00; Hitachi Ops Center Analyzer: before 10.9.1-00; Hitachi Ops Center Viewpoint: before 10.9.1-00.

Affected Version(s)

Hitachi Automation Director Linux 8.2.0-00 <= 10.6.1-00

Hitachi Infrastructure Analytics Advisor Linux 2.0.0-00 <= 4.0.0-00

Hitachi Ops Center Analyzer Linux 0 < 10.9.1-00

References

https://www.hitachi.com/products/it/software/security/inf...

vendor-advisory

CVSS V3.1

Score:

6.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 28, 2023
Vulnerability Reserved
Jan 17, 2023