PT-2021-6946 · Hitachi · Hitachi Content Platform Anywhere

Published: 2021-09-29 · Updated: 2021-10-07

CVE-2021-41573

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Hitachi Content Platform Anywhere (HCP-AW) versions 4.4.5 and later

Description

The issue is related to insufficient protection of registration data, which may allow a remote attacker to gain unauthorized access to protected information. If an authenticated user creates a link to a file or folder while the system is running version 4.3.x or earlier, shares the link, and then deletes the file or folder without deleting the link before it expires, a malicious user with the link could browse and download all files of the authenticated user who created the link after the system has been upgraded to version 4.4.5 or 4.5.0.

Recommendations

For Hitachi Content Platform Anywhere (HCP-AW) versions 4.4.5 and later, consider deleting links to files or folders when they are deleted to prevent information disclosure. As a temporary workaround, restrict access to shared links to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Files Accessible to External Parties


Weakness Enumeration

Related Identifiers

BDU:2022-02717
CVE-2021-41573

Affected Products

Hitachi Content Platform Anywhere