PT-2022-5010 · Hitachi · Hitachi Storage Plug-In For Vmware Vcenter
Published
2022-10-06
·
Updated
2023-03-01
·
CVE-2022-2637
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Hitachi Storage Plug-in for VMware vCenter versions 04.8.0 through 04.8.x before 04.9.0
Hitachi Storage Plug-in for VMware vCenter version 04.8.0
Description
The issue is related to an Incorrect Privilege Assignment vulnerability in the Hitachi Storage Plug-in for VMware vCenter, allowing remote authenticated users to cause privilege escalation. This can be exploited by a remote attacker to elevate privileges in the system.
Recommendations
For Hitachi Storage Plug-in for VMware vCenter versions 04.8.0 through 04.8.x before 04.9.0, update to version 04.9.0 or later to resolve the issue.
For Hitachi Storage Plug-in for VMware vCenter version 04.8.0, update to version 04.9.0 or later to resolve the issue.
As a temporary workaround, consider restricting access to the vulnerable module to minimize the risk of exploitation.
Fix
Improper Privilege Management
Incorrect Privilege Assignment
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Hitachi Storage Plug-In For Vmware Vcenter