Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-36695— File and Directory Permission Vulnerability in Hitachi Command Suite

CVSS 6.6 · Medium EPSS 0.05% · P14
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-36695

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
File and Directory Permission Vulnerability in Hitachi Command Suite
Source: NVD (National Vulnerability Database)
Vulnerability Description
Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux (Device Manager Server component), Hitachi Tiered Storage Manager on Linux, Hitachi Replication Manager on Linux, Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS components), Hitachi Compute Systems Manager on Linux allows File Manipulation.This issue affects Hitachi Device Manager: before 8.8.5-02; Hitachi Tiered Storage Manager: before 8.8.5-02; Hitachi Replication Manager: before 8.8.5-02; Hitachi Tuning Manager: before 8.8.5-02; Hitachi Compute Systems Manager: before 8.8.3-08.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
缺省权限不正确
Source: NVD (National Vulnerability Database)
Vulnerability Title
Hitachi Replication Manager 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Hitachi Replication Manager是日本日立制作所(Hitachi)公司的一个完整的备份和灾难恢复应用程序。 部分Hitachi产品存在安全漏洞,该漏洞源于默认权限设置不正确。以下产品及版本受到影响:Hitachi Device Manager 8.8.5-02 之前版本、Hitachi Tiered Storage Manager 8.8.5-02 之前版本、Hitachi Replication Manager 8.8.5-02 之前版本、Hitachi Tuning Manage
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
HitachiHitachi Device Manager 0 ~ 8.8.5-02 -
HitachiHitachi Tiered Storage Manager 0 ~ 8.8.5-02 -
HitachiHitachi Replication Manager 0 ~ 8.8.5-02 -
HitachiHitachi Tuning Manager 0 ~ 8.8.5-02 -
HitachiHitachi Compute Systems Manager 0 ~ 8.8.3-08 -

II. Public POCs for CVE-2020-36695

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2020-36695

登录查看更多情报信息。

Same Patch Batch · Hitachi · 2023-07-18 · 4 CVEs total

CVE-2023-341429.0 CRITICALCleartext Transmission Vulnerability in Hitachi Device Manager
CVE-2022-41467.3 HIGHEL Injection Vulnerability in Hitachi Replication Manager
CVE-2023-341435.6 MEDIUMImproper Validation of Certificate Vulnerability in Hitachi Device Manager

IV. Related Vulnerabilities

Same product: Hitachi Device Manager
Same vendor: Hitachi
Same weakness: CWE-276

V. Comments for CVE-2020-36695

No comments yet

Leave a comment