Rewterz Threat Alert – Phobos Ransomware – Active IOCs
November 15, 2022Rewterz Threat Advisory – ICS: Hitachi Infrastructure Analytics Vulnerability
November 15, 2022Rewterz Threat Alert – Phobos Ransomware – Active IOCs
November 15, 2022Rewterz Threat Advisory – ICS: Hitachi Infrastructure Analytics Vulnerability
November 15, 2022Severity
High
Analysis Summary
CVE-2021-28052
Hitachi Content Platform could allow a remote authenticated attacker to bypass security restrictions, caused by improper authentication. By sending a specially-crafted request, an attacker could exploit this vulnerability to view configuration in another tenant without authorization.
Impact
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2021-28052
Affected Vendors
Hitachi
Affected Products
- Hitachi Content Platform (HCP) 8.3.6
- Hitachi Content Platform (HCP) 9.2.2
Remediation
Refer to Hitachi Security Advisory for patch, upgrade or suggested workaround information.