CVE-2023-2622

4.3MEDIUM

Key Information

Vendor: Hitachi
Status: MACH System Software
Vendor: CVE Published:; 1 November 2023

Summary

Authenticated clients can read arbitrary files on the MAIN Computer system using the remote procedure call (RPC) of the InspectSetup service endpoint. The low privilege client is then allowed to read arbitrary files that they do not have authorization to read.

Affected Version(s)

MACH System Software <= 7.18.0.0

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Nov 1, 2023
Vulnerability Reserved.
May 10, 2023

Collectors

NVD DatabaseMitre Database