Hitachi Tuning Manager Injection Vulnerability Allows Code Injection
CVE-2024-5828

9.8 CRITICAL

Key Information:

Vendor: Hitachi
CVE Published: 6 August 2024

Summary

An Expression Language Injection vulnerability exists in Hitachi Tuning Manager, which runs on Windows, Linux, and Solaris platforms. The vulnerability allows attackers to conduct code injection attacks, compromising the integrity of the application and potentially leading to unauthorized access to or manipulation of data. Versions prior to 8.8.7-00 are affected: they validate user input insufficiently, which enables exploitation through crafted expressions. Organizations using Hitachi Tuning Manager are urged to assess their environments for this vulnerability and apply the appropriate security patches to mitigate risk and protect sensitive information.

Affected Version(s)

Hitachi Tuning Manager Windows 0 < 8.8.7-00

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database