ByteOS Network

Vulnerability Details :

CVE-2022-36407

Assigner Org ID-50d0f415-c707-4733-9afc-8f6c0e9b3f82

Published At-25 Mar, 2024 | 05:55

Updated At-03 Aug, 2024 | 10:07

Information Exposure Vulnerability in Hitachi Disk Array Systems

Insertion of Sensitive Information into Log File vulnerability in Hitachi Virtual Storage Platform, Hitachi Virtual Storage Platform VP9500, Hitachi Virtual Storage Platform G1000, G1500, Hitachi Virtual Storage Platform F1500, Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H, Hitachi Virtual Storage Platform 5200, 5600, 5200H, 5600H, Hitachi Unified Storage VM, Hitachi Virtual Storage Platform G100, G200, G400, G600, G800, Hitachi Virtual Storage Platform F400, F600, F800, Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, Hitachi Virtual Storage Platform F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H allows local users to gain sensitive information.This issue affects Hitachi Virtual Storage Platform: before DKCMAIN Ver. 70-06-74-00/00, SVP Ver. 70-06-58/00; Hitachi Virtual Storage Platform VP9500: before DKCMAIN Ver. 70-06-74-00/00, SVP Ver. 70-06-58/00; Hitachi Virtual Storage Platform G1000, G1500: before DKCMAIN Ver. 80-06-92-00/00, SVP Ver. 80-06-87/00; Hitachi Virtual Storage Platform F1500: before DKCMAIN Ver. 80-06-92-00/00, SVP Ver. 80-06-87/00; Hitachi Virtual Storage Platform 5100, 5500,5100H, 5500H: before DKCMAIN Ver. 90-08-81-00/00, SVP Ver. 90-08-81/00, before DKCMAIN Ver. 90-08-62-00/00, SVP Ver. 90-08-62/00, before DKCMAIN Ver. 90-08-43-00/00, SVP Ver. 90-08-43/00; Hitachi Virtual Storage Platform 5200, 5600,5200H, 5600H: before DKCMAIN Ver. 90-08-81-00/00, SVP Ver. 90-08-81/00, before DKCMAIN Ver. 90-08-62-00/00, SVP Ver. 90-08-62/00, before DKCMAIN Ver. 90-08-43-00/00, SVP Ver. 90-08-43/00; Hitachi Unified Storage VM: before DKCMAIN Ver. 73-03-75-X0/00, SVP Ver. 73-03-74/00, before DKCMAIN Ver. 73(75)-03-75-X0/00, SVP Ver. 73(75)-03-74/00; Hitachi Virtual Storage Platform G100, G200, G400, G600, G800: before DKCMAIN Ver. 83-06-19-X0/00, SVP Ver. 83-06-20-X0/00, before DKCMAIN Ver. 83-05-47-X0/00, SVP Ver. 83-05-51-X0/00; Hitachi Virtual Storage Platform F400, F600, F800: before DKCMAIN Ver. 83-06-19-X0/00, SVP Ver. 83-06-20-X0/00, before DKCMAIN Ver. 83-05-47-X0/00, SVP Ver. 83-05-51-X0/00; Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900: before DKCMAIN Ver. 88-08-09-XX/00, SVP Ver. 88-08-11-X0/02; Hitachi Virtual Storage Platform F350, F370, F700, F900: before DKCMAIN Ver. 88-08-09-XX/00, SVP Ver. 88-08-11-X0/02; Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H: before DKCMAIN Ver. 93-06-81-X0/00, SVP Ver. 93-06-81-X0/00, before DKCMAIN Ver. 93-06-62-X0/00, SVP Ver. 93-06-62-X0/00, before DKCMAIN Ver. 93-06-43-X0/00, SVP Ver. 93-06-43-X0/00.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:Hitachi

Assigner Org ID:50d0f415-c707-4733-9afc-8f6c0e9b3f82

Published At:25 Mar, 2024 | 05:55

Updated At:03 Aug, 2024 | 10:07

▼CVE Numbering Authority (CNA)

Information Exposure Vulnerability in Hitachi Disk Array Systems

Affected Products

Vendor

Hitachi, Ltd.

Product

Hitachi Virtual Storage Platform

Default Status

unaffected

Versions

Affected

From 0 before DKCMAIN Ver. 70-06-74-00/00, SVP Ver. 70-06-58/00 (custom)
- -> unaffectedfromDKCMAIN Ver. 70-06-74-00/00, SVP Ver. 70-06-58/00

Vendor

Hitachi, Ltd.

Product

Hitachi Virtual Storage Platform VP9500

Default Status

unaffected

Versions

Affected

From 0 before DKCMAIN Ver. 70-06-74-00/00, SVP Ver. 70-06-58/00 (custom)
- -> unaffectedfromDKCMAIN Ver. 70-06-74-00/00, SVP Ver. 70-06-58/00

Vendor

Hitachi, Ltd.

Product

Hitachi Virtual Storage Platform G1000, G1500

Default Status

unaffected

Versions

Affected

From 0 before DKCMAIN Ver. 80-06-92-00/00, SVP Ver. 80-06-87/00 (custom)
- -> unaffectedfromDKCMAIN Ver. 80-06-92-00/00, SVP Ver. 80-06-87/00

Vendor

Hitachi, Ltd.

Product

Hitachi Virtual Storage Platform F1500

Default Status

unaffected

Versions

Affected

From 0 before DKCMAIN Ver. 80-06-92-00/00, SVP Ver. 80-06-87/00 (custom)
- -> unaffectedfromDKCMAIN Ver. 80-06-92-00/00, SVP Ver. 80-06-87/00

Vendor

Hitachi, Ltd.

Product

Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H

Default Status

unaffected

Versions

Affected

From 0 before DKCMAIN Ver. 90-08-81-00/00, SVP Ver. 90-08-81/00 (custom)
- -> unaffectedfromDKCMAIN Ver. 90-08-81-00/00, SVP Ver. 90-08-81/00
From 0 before DKCMAIN Ver. 90-08-62-00/00, SVP Ver. 90-08-62/00 (custom)
- -> unaffectedfromDKCMAIN Ver. 90-08-62-00/00, SVP Ver. 90-08-62/00
From 0 before DKCMAIN Ver. 90-08-43-00/00, SVP Ver. 90-08-43/00 (custom)
- -> unaffectedfromDKCMAIN Ver. 90-08-43-00/00, SVP Ver. 90-08-43/00

Vendor

Hitachi, Ltd.

Product

Hitachi Virtual Storage Platform 5200, 5600, 5200H, 5600H

Default Status

unaffected

Versions

Affected

From 0 before DKCMAIN Ver. 90-08-81-00/00, SVP Ver. 90-08-81/00 (custom)
- -> unaffectedfromDKCMAIN Ver. 90-08-81-00/00, SVP Ver. 90-08-81/00
From 0 before DKCMAIN Ver. 90-08-62-00/00, SVP Ver. 90-08-62/00 (custom)
- -> unaffectedfromDKCMAIN Ver. 90-08-62-00/00, SVP Ver. 90-08-62/00
From 0 before DKCMAIN Ver. 90-08-43-00/00, SVP Ver. 90-08-43/00 (custom)
- -> unaffectedfromDKCMAIN Ver. 90-08-43-00/00, SVP Ver. 90-08-43/00

Vendor

Hitachi, Ltd.

Product

Hitachi Unified Storage VM

Default Status

unaffected

Versions

Affected

From 0 before DKCMAIN Ver. 73-03-75-X0/00, SVP Ver. 73-03-74/00 (custom)
- -> unaffectedfromDKCMAIN Ver. 73-03-75-X0/00, SVP Ver. 73-03-74/00
From 0 before DKCMAIN Ver. 73(75)-03-75-X0/00, SVP Ver. 73(75)-03-74/00 (custom)
- -> unaffectedfromDKCMAIN Ver. 73(75)-03-75-X0/00, SVP Ver. 73(75)-03-74/00

Vendor

Hitachi, Ltd.

Product

Hitachi Virtual Storage Platform G100, G200, G400, G600, G800

Default Status

unaffected

Versions

Affected

From 0 before DKCMAIN Ver. 83-06-19-X0/00, SVP Ver. 83-06-20-X0/00 (custom)
- -> unaffectedfromDKCMAIN Ver. 83-06-19-X0/00, SVP Ver. 83-06-20-X0/00
From 0 before DKCMAIN Ver. 83-05-47-X0/00, SVP Ver. 83-05-51-X0/00 (custom)
- -> unaffectedfromDKCMAIN Ver. 83-05-47-X0/00, SVP Ver. 83-05-51-X0/00

Vendor

Hitachi, Ltd.

Product

Hitachi Virtual Storage Platform F400, F600, F800

Default Status

unaffected

Versions

Affected

From 0 before DKCMAIN Ver. 83-06-19-X0/00, SVP Ver. 83-06-20-X0/00 (custom)
- -> unaffectedfromDKCMAIN Ver. 83-06-19-X0/00, SVP Ver. 83-06-20-X0/00
From 0 before DKCMAIN Ver. 83-05-47-X0/00, SVP Ver. 83-05-51-X0/00 (custom)
- -> unaffectedfromDKCMAIN Ver. 83-05-47-X0/00, SVP Ver. 83-05-51-X0/00

Vendor

Hitachi, Ltd.

Product

Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900

Default Status

unaffected

Versions

Affected

From 0 before DKCMAIN Ver. 88-08-09-XX/00, SVP Ver. 88-08-11-X0/02 (custom)
- -> unaffectedfromDKCMAIN Ver. 88-08-09-XX/00, SVP Ver. 88-08-11-X0/02

Vendor

Hitachi, Ltd.

Product

Hitachi Virtual Storage Platform F350, F370, F700, F900

Default Status

unaffected

Versions

Affected

From 0 before DKCMAIN Ver. 88-08-09-XX/00, SVP Ver. 88-08-11-X0/02 (custom)
- -> unaffectedfromDKCMAIN Ver. 88-08-09-XX/00, SVP Ver. 88-08-11-X0/02

Vendor

Hitachi, Ltd.

Product

Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H

Default Status

unaffected

Versions

Affected

From 0 before DKCMAIN Ver. 93-06-81-X0/00, SVP Ver. 93-06-81-X0/00 (custom)
- -> unaffectedfromDKCMAIN Ver. 93-06-81-X0/00, SVP Ver. 93-06-81-X0/00
From 0 before DKCMAIN Ver. 93-06-62-X0/00, SVP Ver. 93-06-62-X0/00 (custom)
- -> unaffectedfromDKCMAIN Ver. 93-06-62-X0/00, SVP Ver. 93-06-62-X0/00
From 0 before DKCMAIN Ver. 93-06-43-X0/00, SVP Ver. 93-06-43-X0/00 (custom)
- -> unaffectedfromDKCMAIN Ver. 93-06-43-X0/00, SVP Ver. 93-06-43-X0/00

Problem Types

Type	CWE ID	Description
CWE	CWE-532	CWE-532 Insertion of Sensitive Information into Log File

Type: CWE

CWE ID: CWE-532

Description: CWE-532 Insertion of Sensitive Information into Log File

Metrics

Version	Base score	Base severity	Vector
3.1	9.9	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Version: 3.1

Base score: 9.9

Base severity: CRITICAL

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Impacts

CAPEC ID	Description
CAPEC-114	CAPEC-114 Authentication Abuse

CAPEC ID: CAPEC-114

Description: CAPEC-114 Authentication Abuse

References

Hyperlink	Resource
https://www.hitachi.com/products/it/storage-solutions/sec_info/2024/2022_313.html	vendor-advisory

Hyperlink: https://www.hitachi.com/products/it/storage-solutions/sec_info/2024/2022_313.html

Resource:

vendor-advisory

▼Authorized Data Publishers (ADP)

1. CISA ADP Vulnrichment

Metrics Other Info

2. CVE Program Container

References

Hyperlink	Resource
https://www.hitachi.com/products/it/storage-solutions/sec_info/2024/2022_313.html	vendor-advisory x_transferred

Hyperlink: https://www.hitachi.com/products/it/storage-solutions/sec_info/2024/2022_313.html

Resource:

vendor-advisory

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:hirt@hitachi.co.jp

Published At:25 Mar, 2024 | 06:15

Updated At:25 Mar, 2024 | 13:47

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	9.9	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 9.9

Base severity: CRITICAL

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Weaknesses

CWE ID	Type	Source
CWE-532	Secondary	hirt@hitachi.co.jp

CWE ID: CWE-532

Type: Secondary

Source: hirt@hitachi.co.jp

References

Hyperlink	Source	Resource
https://www.hitachi.com/products/it/storage-solutions/sec_info/2024/2022_313.html	hirt@hitachi.co.jp	N/A

Hyperlink: https://www.hitachi.com/products/it/storage-solutions/sec_info/2024/2022_313.html

Source: hirt@hitachi.co.jp

Resource: N/A

CVE-2022-36407

Credits

Information Exposure Vulnerability in Hitachi Disk Array Systems

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History