PT-2022-25934 · Hitachi · Hitachi Ops Center Analyzer+1
Published
2022-11-01
·
Updated
2023-05-16
·
CVE-2022-41553
CVSS v3.1
6.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Hitachi Infrastructure Analytics Advisor versions 2.0.0-00 through 4.4.0-00
Hitachi Ops Center Analyzer versions 10.0.0-00 through 10.8.0-00
Description
The issue allows local users to gain sensitive information due to the insertion of sensitive information into a temporary file. This is related to the Analytics probe component in Hitachi Infrastructure Analytics Advisor on Linux and the Hitachi Ops Center Analyzer probe component in Hitachi Ops Center Analyzer on Linux.
Recommendations
For Hitachi Infrastructure Analytics Advisor versions 2.0.0-00 through 4.4.0-00, update to a version after 4.4.0-00.
For Hitachi Ops Center Analyzer versions 10.0.0-00 through 10.8.0-00, update to version 10.9.0-00 or later.
As a temporary workaround, consider restricting access to the temporary files used by the Analytics probe component and the Hitachi Ops Center Analyzer probe component to minimize the risk of exploitation.
Fix
Insertion into Log File
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hitachi Infrastructure Analytics Advisor
Hitachi Ops Center Analyzer