File and Directory Permission Vulnerability in JP1/Performance Management
CVE-2023-3440

7.8HIGH

Key Information:

Vendor: Hitachi
Status: JP1/Performance Management - Manager; JP1/Performance Management - Base; JP1/Performance Management - Agent Option for Application Server; JP1/Performance Management - Agent Option for Enterprise Applications
Vendor: CVE Published:; 3 October 2023

What is CVE-2023-3440?

A vulnerability in Hitachi's JP1/Performance Management software for Windows has been identified where incorrect default permissions can allow unauthorized file manipulation. This affects several versions of the software, potentially compromising the integrity and confidentiality of sensitive data. Organizations using this product should review affected versions and apply necessary updates to mitigate potential risks associated with this vulnerability.

Affected Version(s)

JP1/Performance Management - Agent Option for Application Server Windows 11-00 < 11-50-16

JP1/Performance Management - Agent Option for Domino Windows 09-00 <= 09-00-*

JP1/Performance Management - Agent Option for Enterprise Applications Windows 09-00 < 11-50

References

https://www.hitachi.com/products/it/software/security/inf...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 3, 2023
Vulnerability Reserved
Jun 28, 2023

Credit

Taku Toyama

Masaya Suzuki