Описание
SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in Storage, Server or combined Server+Storage administrative roles are able to access SMU configuration backup, that would normally be barred to those specific administrative roles.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 14.8.7825.01 (исключая)
Одновременно
cpe:2.3:o:hitachi:system_management_unit_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hitachi:system_management_unit:-:*:*:*:*:*:*:*
EPSS
Процентиль: 90%
0.05301
Низкий
7.6 High
CVSS3
6.5 Medium
CVSS3
Дефекты
CWE-285
NVD-CWE-Other
Связанные уязвимости
CVSS3: 7.6
github
около 2 лет назад
SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in Storage, Server or combined Server+Storage administrative roles are able to access SMU configuration backup, that would normally be barred to those specific administrative roles.
EPSS
Процентиль: 90%
0.05301
Низкий
7.6 High
CVSS3
6.5 Medium
CVSS3
Дефекты
CWE-285
NVD-CWE-Other