CVE-2020-36605

EPSS 0.04%
Published 01.11.2022 03:15:10
Last modified 21.11.2024 05:29:52
Source hirt@hitachi.co.jp
Teams watchlist Login
Open Login

Incorrect Default Permissions vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files.



This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00; Hitachi Ops Center Viewpoint: from 10.8.0-00 before 10.9.0-00.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Hitachi ≫ Infrastructure Analytics Advisor Version >= 2.0.0-00 <= 4.4.0-00

Linux ≫ Linux Kernel Version- HwPlatformx64
Microsoft ≫ Windows Version- HwPlatformx64

Hitachi ≫ Ops Center Analyzer Version >= 10.0.0-00 < 10.9.0-00

Linux ≫ Linux Kernel Version- HwPlatformx64

Hitachi ≫ Ops Center Viewpoint Version >= 10.8.0-00 < 10.9.0-00

Linux ≫ Linux Kernel Version- HwPlatformx64

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.116

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.4	1.8	2.5	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
hirt@hitachi.co.jp	6.6	1.8	4.7	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2022-134/index.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-36605

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-36605

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-36605

EUVD