Information Exposure Vulnerability in Hitachi Disk Array Systems
CVE-2022-36407

9.9CRITICAL

Key Information:

Vendor: Hitachi
Status: Hitachi Virtual Storage Platform; Hitachi Virtual Storage Platform Vp9500; Hitachi Virtual Storage Platform G1000, G1500; Hitachi Virtual Storage Platform F1500
Vendor: CVE Published:; 25 March 2024

Summary

An insertion of sensitive information into log files vulnerability exists in various models of Hitachi Virtual Storage Platform products. This vulnerability allows local users to gain access to sensitive information, potentially compromising the security of data stored within the system. Several versions of the Hitachi Virtual Storage Platform, VP9500, G1000, G1500, F1500, and other models, are affected, leading to risks associated with unauthorized data exposure. Users are advised to check their systems against the provided version thresholds to ensure they are using secure configurations.

Affected Version(s)

Hitachi Unified Storage VM 0

Hitachi Virtual Storage Platform 0

References

https://www.hitachi.com/products/it/storage-solutions/sec...

vendor-advisory

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Mar 25, 2024
Vulnerability Reserved
Jul 22, 2022