CVE-2024-2819 - Vulnerability Details - OpenCVE

Incorrect Default Permissions, Improper Preservation of Permissions vulnerability in Hitachi Ops Center Common Services allows File Manipulation.This issue affects Hitachi Ops Center Common Services: before 11.0.2-00.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hitachi	Ops Center Common Services

Configuration 1 [-]

cpe:2.3:a:hitachi:ops_center_common_services:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-132/index.html

History

Tue, 21 Jan 2025 19:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Hitachi Hitachi ops Center Common Services
CPEs		cpe:2.3:a:hitachi:ops_center_common_services::::::::
Vendors & Products		Hitachi Hitachi ops Center Common Services

MITRE

Status: PUBLISHED

Assigner: Hitachi

Published: 2024-07-02T01:53:44.982Z

Updated: 2024-08-01T19:25:41.763Z

Reserved: 2024-03-22T06:56:51.487Z

Link: CVE-2024-2819

Vulnrichment

Updated: 2024-08-01T19:25:41.763Z

NVD

Status : Analyzed

Published: 2024-07-02T02:15:02.127

Modified: 2025-01-21T19:14:24.217

Link: CVE-2024-2819

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-2819", "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82", "state": "PUBLISHED", "assignerShortName": "Hitachi", "dateReserved": "2024-03-22T06:56:51.487Z", "datePublished": "2024-07-02T01:53:44.982Z", "dateUpdated": "2024-08-01T19:25:41.763Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Hitachi Ops Center Common Services", "vendor": "Hitachi", "versions": [{"changes": [{"at": "11.0.2-00", "status": "unaffected"}], "lessThan": "11.0.2-00", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Incorrect Default Permissions, Improper Preservation of Permissions vulnerability in Hitachi Ops Center Common Services allows File Manipulation.<p>This issue affects Hitachi Ops Center Common Services: before 11.0.2-00.</p>"}], "value": "Incorrect Default Permissions, Improper Preservation of Permissions vulnerability in Hitachi Ops Center Common Services allows File Manipulation.This issue affects Hitachi Ops Center Common Services: before 11.0.2-00."}], "impacts": [{"capecId": "CAPEC-165", "descriptions": [{"lang": "en", "value": "CAPEC-165 File Manipulation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-281", "description": "CWE-281 Improper Preservation of Permissions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82", "shortName": "Hitachi", "dateUpdated": "2024-07-02T01:53:44.982Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-132/index.html"}], "source": {"advisory": "hitachi-sec-2024-132", "discovery": "UNKNOWN"}, "title": "File Permission Vulnerability in Hitachi Ops Center Common Services", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-02T18:19:58.248604Z", "id": "CVE-2024-2819", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-02T18:20:06.592Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:25:41.763Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-132/index.html"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-132/index.html", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:25:41.763Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-2819", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-02T18:19:58.248604Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-02T18:20:00.990Z"}}], "cna": {"title": "File Permission Vulnerability in Hitachi Ops Center Common Services", "source": {"advisory": "hitachi-sec-2024-132", "discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-165", "descriptions": [{"lang": "en", "value": "CAPEC-165 File Manipulation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Hitachi", "product": "Hitachi Ops Center Common Services", "versions": [{"status": "affected", "changes": [{"at": "11.0.2-00", "status": "unaffected"}], "version": "0", "lessThan": "11.0.2-00", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-132/index.html", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Incorrect Default Permissions, Improper Preservation of Permissions vulnerability in Hitachi Ops Center Common Services allows File Manipulation.This issue affects Hitachi Ops Center Common Services: before 11.0.2-00.", "supportingMedia": [{"type": "text/html", "value": "Incorrect Default Permissions, Improper Preservation of Permissions vulnerability in Hitachi Ops Center Common Services allows File Manipulation.<p>This issue affects Hitachi Ops Center Common Services: before 11.0.2-00.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-281", "description": "CWE-281 Improper Preservation of Permissions"}]}], "providerMetadata": {"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82", "shortName": "Hitachi", "dateUpdated": "2024-07-02T01:53:44.982Z"}}}, "cveMetadata": {"cveId": "CVE-2024-2819", "state": "PUBLISHED", "dateUpdated": "2024-08-01T19:25:41.763Z", "dateReserved": "2024-03-22T06:56:51.487Z", "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82", "datePublished": "2024-07-02T01:53:44.982Z", "assignerShortName": "Hitachi"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hitachi:ops_center_common_services:*:*:*:*:*:*:*:*", "matchCriteriaId": "1F9438A2-D842-4842-BC7C-AC397B5E9E61", "versionEndExcluding": "11.0.2-00", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Incorrect Default Permissions, Improper Preservation of Permissions vulnerability in Hitachi Ops Center Common Services allows File Manipulation.This issue affects Hitachi Ops Center Common Services: before 11.0.2-00."}, {"lang": "es", "value": "La vulnerabilidad de permisos predeterminados incorrectos y preservaci\u00f3n inadecuada de permisos en los servicios comunes de Hitachi Ops Center permite la manipulaci\u00f3n de archivos. Este problema afecta a los servicios comunes de Hitachi Ops Center: anteriores a 11.0.2-00."}], "id": "CVE-2024-2819", "lastModified": "2025-01-21T19:14:24.217", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 2.5, "source": "hirt@hitachi.co.jp", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-02T02:15:02.127", "references": [{"source": "hirt@hitachi.co.jp", "tags": ["Vendor Advisory"], "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-132/index.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-132/index.html"}], "sourceIdentifier": "hirt@hitachi.co.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}, {"lang": "en", "value": "CWE-281"}], "source": "hirt@hitachi.co.jp", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-276"}, {"lang": "en", "value": "CWE-281"}], "source": "nvd@nist.gov", "type": "Primary"}]}