Unintended Command Execution Vulnerability in FOXMAN UN/UNEM Server API Gateway

CVE-2024-2012

9.8CRITICAL

Key Information

Vendor: Hitachi
Status: Foxman-un; Unem
Vendor: CVE Published:; 11 June 2024

Summary

vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or code to be executed on the UNEM server allowing sensitive data to be read or modified or could cause other unintended behavior

Affected Version(s)

FOXMAN-UN = FOXMAN-UN R16B PC2

FOXMAN-UN >= FOXMAN-UN R16B PC3

FOXMAN-UN = FOXMAN-UN R15B PC4

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Jun 11, 2024
Vulnerability Reserved.
Feb 29, 2024

Collectors

NVD DatabaseMitre Database