Lucene search

HitachiCVELIST:CVE-2020-36611

HistoryJan 17, 2023 - 1:21 a.m.

CVE-2020-36611 File and Directory Permission Vulnerability in Hitachi Tuning Manager

2023-01-1701:21:48

CWE-276

Hitachi

www.cve.org

cve-2020-36611

file and directory permission

hitachi tuning manager

linux

local users

unauthorized access

vulnerability

CVSS3

6.6

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

AI Score

6.8

Confidence

High

EPSS

Percentile

5.1%

JSON

Incorrect Default Permissions vulnerability in Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS, Hitachi Tuning Manager - Agent for SAN Switch components) allows local users to read and write specific files.This issue affects Hitachi Tuning Manager: before 8.8.5-00.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "Hitachi Tuning Manager server",
      "Hitachi Tuning Manager - Agent for RAID",
      "Hitachi Tuning Manager - Agent for NAS",
      "Hitachi Tuning Manager - Agent for SAN Switch"
    ],
    "platforms": [
      "Linux"
    ],
    "product": "Hitachi Tuning Manager",
    "vendor": "Hitachi",
    "versions": [
      {
        "changes": [
          {
            "at": "8.8.5-00",
            "status": "unaffected"
          }
        ],
        "lessThan": "8.8.5-00",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-101/index.html