Rewterz Threat Advisory – Multiple Linux Kernel Vulnerabilities
March 2, 2023Rewterz Threat Advisory –ICS: Multiple Hitachi Products Vulnerability
March 2, 2023Rewterz Threat Advisory – Multiple Linux Kernel Vulnerabilities
March 2, 2023Rewterz Threat Advisory –ICS: Multiple Hitachi Products Vulnerability
March 2, 2023Severity
Medium
Analysis Summary
CVE-2022-4895 CVSS:8.6
Multiple Hitachi products are vulnerable to a man-in-the-middle attack, caused by improper certificate validation vulnerability. An attacker could exploit this vulnerability to obtain sensitive information.
CVE-2022-3884 CVSS:7.3
Hitachi Ops Center Analyzer on Windows could allow a local authenticated attacker to bypass security restrictions, caused by an incorrect default permissions flaw. By sending a specially-crafted request, an attacker could exploit this vulnerability to read and write specific files.
Impact
- Gain Access
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2022-4895
- CVE-2022-3884
Affected Vendors
Hitachi
Affected Products
- Hitachi Infrastructure Analytics Advisor on Linux
- Hitachi Ops Center Analyzer on Linux
- Hitachi Ops Center Analyzer on Windows 10.9.0-00
Remediation
Refer to IBM Security Bulletin for patch, upgrade or suggested workaround information.