Lucene search

HitachiCVE-2022-3191

HistoryNov 01, 2022 - 3:15 a.m.

CVE-2022-3191

2022-11-0103:15:10

CWE-532

Hitachi

web.nvd.nist.gov

cve-2022-3191

log file vulnerability

hitachi ops center analyzer

linux

virtual storage software agent

nvd

security issue

CVSS3

6.6

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

AI Score

5.5

Confidence

High

EPSS

Percentile

5.1%

JSON

Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Analyzer on Linux (Virtual Strage Software Agent component) allows local users to gain sensitive information.
This issue affects Hitachi Ops Center Analyzer: from 10.8.1-00 before 10.9.0-00

Affected configurations

Nvd

Node

hitachiops_center_analyzerRange10.8.1-00–10.9.0-00

AND

linuxlinux_kernelMatch-x64

VendorProductVersionCPE
hitachiops_center_analyzer*cpe:2.3:a:hitachi:ops_center_analyzer:*:*:*:*:*:*:*:*
linuxlinux_kernel-cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:x64:*

Vendor	Product	Version	CPE
hitachi	ops_center_analyzer	*	cpe:2.3:a:hitachi:ops_center_analyzer::::::::
linux	linux_kernel	-	cpe:2.3:o:linux:linux_kernel:-::::::x64:

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "Virtual Strage Software Agent"
    ],
    "platforms": [
      "Linux"
    ],
    "product": "Hitachi Ops Center Analyzer",
    "vendor": "Hitachi",
    "versions": [
      {
        "changes": [
          {
            "at": "10.9.0-00",
            "status": "unaffected"
          }
        ],
        "lessThan": "10.9.0-00",
        "status": "affected",
        "version": "10.8.1-00",
        "versionType": "custom"
      }
    ]
  }
]

References

www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2022-134/index.html

Social References