9.8
CVE-2022-41552
- EPSS 0.32%
- Veröffentlicht 01.11.2022 03:15:10
- Zuletzt bearbeitet 21.11.2024 07:23:22
- Quelle hirt@hitachi.co.jp
- Teams Watchlist Login
- Unerledigt Login
Server-Side Request Forgery (SSRF) vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Data Center Analytics, Analytics probe components), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe components) allows Server Side Request Forgery. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Hitachi ≫ Infrastructure Analytics Advisor Version >= 2.0.0-00 <= 4.4.0-00
Hitachi ≫ Ops Center Analyzer Version >= 10.0.0-00 < 10.9.0-00
Hitachi ≫ Ops Center Viewpoint Version >= 10.8.0-00 < 10.9.0-00
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.32% | 0.545 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| hirt@hitachi.co.jp | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-918 Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.