PT-2022-25933 · Hitachi · Hitachi Ops Center Analyzer+1
Published: 2022-11-01 · Updated: 2023-03-01 · CVE-2022-41552
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Hitachi Infrastructure Analytics Advisor versions 2.0.0-00 through 4.4.0-00
Hitachi Ops Center Analyzer versions 10.0.0-00 through 10.8.0-00
Description
A Server-Side Request Forgery (SSRF) vulnerability affects Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer on Linux. It is related to the Data Center Analytics and Analytics probe components in Hitachi Infrastructure Analytics Advisor, and to the Hitachi Ops Center Analyzer detail view and probe components in Hitachi Ops Center Analyzer.
Recommendations
For Hitachi Infrastructure Analytics Advisor versions 2.0.0-00 through 4.4.0-00, update to a version after 4.4.0-00.
For Hitachi Ops Center Analyzer versions 10.0.0-00 through 10.8.0-00, update to version 10.9.0-00 or later.
As a temporary workaround, consider restricting access to the vulnerable components in both products until a patch is available.
Fix
SSRF
Affected Products
Hitachi Infrastructure Analytics Advisor
Hitachi Ops Center Analyzer