CVE-2023-3440

Name of the Vulnerable Software and Affected Versions Hitachi JP1/Performance Management - Manager versions 09-00 through 12-50-06 Hitachi JP1/Performance Management - Base versions 09-00 through 10-50-* Hitachi JP1/Performance Management - Agent Option for Application Server versions 11-00 through 11-50-15 Hitachi JP1/Performance Management - Agent Option for Enterprise Applications versions 09-00 through 12-00-13 Hitachi JP1/Performance Management - Agent Option for HiRDB versions 09-00 through 12-00-13 Hitachi JP1/Performance Management - Agent Option for IBM Lotus Domino versions 10-00 through 11-50-15 Hitachi JP1/Performance Management - Agent Option for Microsoft(R) Exchange Server versions 09-00 through 12-00-13 Hitachi JP1/Performance Management - Agent Option for Microsoft(R) Internet Information Server versions 09-00 through 12-00-13 Hitachi JP1/Performance Management - Agent Option for Microsoft(R) SQL Server versions 09-00 through 12-50-06 Hitachi JP1/Performance Management - Agent Option for Oracle versions 09-00 through 12-10-07 Hitachi JP1/Performance Management - Agent Option for Platform versions 09-00 through 12-50-06 Hitachi JP1/Performance Management - Agent Option for Service Response versions 09-00 through 11-50-15 Hitachi JP1/Performance Management - Agent Option for Transaction System versions 11-00 through 12-00-13 Hitachi JP1/Performance Management - Remote Monitor for Microsoft(R) SQL Server versions 09-00 through 12-50-06 Hitachi JP1/Performance Management - Remote Monitor for Oracle versions 09-00 through 12-10-07 Hitachi JP1/Performance Management - Remote Monitor for Platform versions 09-00 through 12-10-07 Hitachi JP1/Performance Management - Remote Monitor for Virtual Machine versions 10-00 through 12-50-06 Hitachi JP1/Performance Management - Agent Option for Domino version 09-00 Hitachi JP1/Performance Management - Agent Option for IBM WebSphere Application Server versions 09-00 through 10-00-* Hitachi JP1/Performance Management - Agent Option for IBM WebSphere MQ versions 09-00 through 10-00-* Hitachi JP1/Performance Management - Agent Option for JP1/AJS3 versions 09-00 through 10-00-* Hitachi JP1/Performance Management - Agent Option for OpenTP1 versions 09-00 through 10-00-* Hitachi JP1/Performance Management - Agent Option for Oracle WebLogic Server versions 09-00 through 10-00-* Hitachi JP1/Performance Management - Agent Option for uCosminexus Application Server versions 09-00 through 10-00-* Hitachi JP1/Performance Management - Agent Option for Virtual Machine versions 09-00 through 09-01-*

Description The issue is related to incorrect default permissions in Hitachi JP1/Performance Management on Windows, allowing file manipulation. This can enable an attacker to access files and directories.

Recommendations For Hitachi JP1/Performance Management - Manager versions 09-00 through 12-50-06, update to a version after 12-50-06. For Hitachi JP1/Performance Management - Base versions 09-00 through 10-50-, update to a version after 10-50-. For Hitachi JP1/Performance Management - Agent Option for Application Server versions 11-00 through 11-50-15, update to a version after 11-50-15. For Hitachi JP1/Performance Management - Agent Option for Enterprise Applications versions 09-00 through 12-00-13, update to a version after 12-00-13. For Hitachi JP1/Performance Management - Agent Option for HiRDB versions 09-00 through 12-00-13, update to a version after 12-00-13. For Hitachi JP1/Performance Management - Agent Option for IBM Lotus Domino versions 10-00 through 11-50-15, update to a version after 11-50-15. For Hitachi JP1/Performance Management - Agent Option for Microsoft(R) Exchange Server versions 09-00 through 12-00-13, update to a version after 12-00-13. For Hitachi JP1/Performance Management - Agent Option for Microsoft(R) Internet Information Server versions 09-00 through 12-00-13, update to a version after 12-00-13. For Hitachi JP1/Performance Management - Agent Option for Microsoft(R) SQL Server versions 09-00 through 12-50-06, update to a version after 12-50-06. For Hitachi JP1/Performance Management - Agent Option for Oracle versions 09-00 through 12-10-07, update to a version after 12-10-07. For Hitachi JP1/Performance Management - Agent Option for Platform versions 09-00 through 12-50-06, update to a version after 12-50-06. For Hitachi JP1/Performance Management - Agent Option for Service Response versions 09-00 through 11-50-15, update to a version after 11-50-15. For Hitachi JP1/Performance Management - Agent Option for Transaction System versions 11-00 through 12-00-13, update to a version after 12-00-13. For Hitachi JP1/Performance Management - Remote Monitor for Microsoft(R) SQL Server versions 09-00 through 12-50-06, update to a version after 12-50-06. For Hitachi JP1/Performance Management - Remote Monitor for Oracle versions 09-00 through 12-10-07, update to a version after 12-10-07. For Hitachi JP1/Performance Management - Remote Monitor for Platform versions 09-00 through 12-10-07, update to a version after 12-10-07. For Hitachi JP1/Performance Management - Remote Monitor for Virtual Machine versions 10-00 through 12-50-06, update to a version after 12-50-06. For Hitachi JP1/Performance Management - Agent Option for Domino version 09-00, update to a version after 09-00. For Hitachi JP1/Performance Management - Agent Option for IBM WebSphere Application Server versions 09-00 through 10-00-, update to a version after 10-00-. For Hitachi JP1/Performance Management - Agent Option for IBM WebSphere MQ versions 09-00 through 10-00-, update to a version after 10-00-. For Hitachi JP1/Performance Management - Agent Option for JP1/AJS3 versions 09-00 through 10-00-, update to a version after 10-00-. For Hitachi JP1/Performance Management - Agent Option for OpenTP1 versions 09-00 through 10-00-, update to a version after 10-00-. For Hitachi JP1/Performance Management - Agent Option for Oracle WebLogic Server versions 09-00 through 10-00-, update to a version after 10-00-. For Hitachi JP1/Performance Management - Agent Option for uCosminexus Application Server versions 09-00 through 10-00-, update to a version after 10-00-. For Hitachi JP1/Performance Management - Agent Option for Virtual Machine versions 09-00 through 09-01-, update to a version after 09-01-.