Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-36652— File and Directory Permissions Vulnerability in Hitachi Automation Director, Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center

CVSS 6.6 · Medium EPSS 0.08% · P23
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-36652

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
File and Directory Permissions Vulnerability in Hitachi Automation Director, Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center
Source: NVD (National Vulnerability Database)
Vulnerability Description
Incorrect Default Permissions vulnerability in Hitachi Automation Director on Linux, Hitachi Infrastructure Analytics Advisor on Linux (Hitachi Infrastructure Analytics Advisor, Analytics probe server components), Hitachi Ops Center Automator on Linux, Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer, Analyzer probe server components), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files. This issue affects Hitachi Automation Director: from 8.2.0-00 through 10.6.1-00; Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.0.0-00; Hitachi Ops Center Automator: before 10.9.1-00; Hitachi Ops Center Analyzer: before 10.9.1-00; Hitachi Ops Center Viewpoint: before 10.9.1-00.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
缺省权限不正确
Source: NVD (National Vulnerability Database)
Vulnerability Title
Hitachi Infrastructure Analytics Advisor 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Hitachi Infrastructure Analytics Advisor是日本日立制作所(Hitachi)公司的一个 IT 运营智能平台,包括日立数据中心分析。 Hitachi部分产品存在安全漏洞。攻击者利用该漏洞可以读取和写入特定文件。以下产品及版本受到影响:Hitachi Automation Director 8.2.0-00版本至10.6.1-00版本、Hitachi Infrastructure Analytics Advisor 2.0.0-00版本至4.0.0-00版本、Hitach
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
HitachiHitachi Automation Director 8.2.0-00 ~ 10.6.1-00 -
HitachiHitachi Infrastructure Analytics Advisor 2.0.0-00 ~ 4.0.0-00 -
HitachiHitachi Ops Center Automator 0 ~ 10.9.1-00 -
HitachiHitachi Ops Center Analyzer 0 ~ 10.9.1-00 -
HitachiHitachi Ops Center Viewpoint 0 ~ 10.9.1-00 -

II. Public POCs for CVE-2020-36652

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2020-36652

登录查看更多情报信息。

Same Patch Batch · Hitachi · 2023-02-28 · 3 CVEs total

CVE-2022-48958.6 HIGHMan-in-the-middle attack Vulnerability in Hitachi Infrastructure Analytics Advisor, Hitach
CVE-2022-38847.3 HIGHDirectory Permission Vulnerability in Hitachi Ops Center Analyzer

IV. Related Vulnerabilities

Same vendor: Hitachi
Same weakness: CWE-276

V. Comments for CVE-2020-36652

No comments yet

Leave a comment