Name of the Vulnerable Software and Affected Versions:

Hitachi Device Manager versions prior to 8.8.5-02

Hitachi Tiered Storage Manager versions prior to 8.8.5-02

Hitachi Replication Manager versions prior to 8.8.5-02

Hitachi Tuning Manager versions prior to 8.8.5-02

Hitachi Compute Systems Manager versions prior to 8.8.3-08

Description:

The issue is related to incorrect default permissions in the Device Manager Server component, Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, and Hitachi Tuning Manager - Agent for NAS components of Hitachi Device Manager, Hitachi Tiered Storage Manager, and Hitachi Tuning Manager systems. This allows file manipulation, potentially enabling an attacker to read, modify, or delete data.

Recommendations:

For Hitachi Device Manager versions prior to 8.8.5-02, update to version 8.8.5-02 or later.

For Hitachi Tiered Storage Manager versions prior to 8.8.5-02, update to version 8.8.5-02 or later.

For Hitachi Replication Manager versions prior to 8.8.5-02, update to version 8.8.5-02 or later.

For Hitachi Tuning Manager versions prior to 8.8.5-02, update to version 8.8.5-02 or later.

For Hitachi Compute Systems Manager versions prior to 8.8.3-08, update to version 8.8.3-08 or later.