PT-2024-5839 · Hitachi · Hitachi Tuning Manager

Published: 2024-08-05 · Updated: 2025-01-08 · CVE-2024-5828

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Hitachi Tuning Manager versions prior to 8.8.7-00

Description

Hitachi Tuning Manager contains an Expression Language Injection vulnerability that allows code injection. A remote attacker can exploit it to execute arbitrary code. The vulnerability is caused by a lack of measures to neutralize special elements used in the expression language operator.

Recommendations

For versions prior to 8.8.7-00, update to version 8.8.7-00 or later to resolve the issue. As a temporary workaround, consider restricting access to the functionality affected by the Expression Language Injection until a patch is available.

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2024-06584
CVE-2024-5828

Affected Products

Hitachi Tuning Manager