CVE Vulnerability

CVE-2021-28052

A tenant administrator Hitachi Content Platform (HCP) may modify the configuration in another tenant without authorization, potentially allowing unauthorized access to data in the other tenant. Also, a tenant user (non-administrator) may view configuration in another tenant without authorization. This issue affects: Hitachi Vantara Hitachi Content Platform versions prior to 8.3.7; 9.0.0 versions prior to 9.2.3.

4.9 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://knowledge.hitachivantara.com/Security/HCP_Multitenancy_Vulnerability Vendor Advisory
https://www.hitachi.com/hirt/hitachi-sec/2021/604.html Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:hitach:vantara:*:*:*:*:*:*:*:*
cpe:2.3:a:hitach:vantara:*:*:*:*:*:*:*:*
Information

Published : 2022-09-26 04:15

Updated : 2022-09-28 01:39

NVD link : CVE-2021-28052

Mitre link : CVE-2021-28052

Products Affected
No products.
CWE
CWE-862