CVE-2024-7125 - Vulnerability Details - OpenCVE

Authentication Bypass vulnerability in Hitachi Ops Center Common Services.This issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.2-01.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Hitachi	Ops Center Common Services
Linux	Linux Kernel

Configuration 1 [-]

AND

cpe:2.3:a:hitachi:ops_center_common_services:*:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-143/index.html

History

Tue, 21 Jan 2025 19:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		CWE-306
CPEs		cpe:2.3:a:hitachi:ops_center_common_services:::::::: cpe:2.3:o:linux:linux_kernel:-:::::::*
Vendors & Products		Linux Linux linux Kernel

Wed, 28 Aug 2024 15:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Hitachi Hitachi ops Center Common Services
CPEs		cpe:2.3:a:hitachi:ops_center_common_services:10.9.3-00:::::::*
Vendors & Products		Hitachi Hitachi ops Center Common Services
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 27 Aug 2024 04:30:00 +0000

Type	Values Removed	Values Added
Description		Authentication Bypass vulnerability in Hitachi Ops Center Common Services.This issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.2-01.
Title		Authentication Bypass Vulnerability in Hitachi Ops Center Common Services
Weaknesses		CWE-288
References		https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-143/index.html
Metrics		cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: Hitachi

Published: 2024-08-27T04:15:15.774Z

Updated: 2024-08-28T14:17:22.156Z

Reserved: 2024-07-26T09:21:02.356Z

Link: CVE-2024-7125

Vulnrichment

Updated: 2024-08-28T14:17:17.228Z

NVD

Status : Analyzed

Published: 2024-08-27T05:15:13.307

Modified: 2025-01-21T19:10:14.850

Link: CVE-2024-7125

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-7125", "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82", "state": "PUBLISHED", "assignerShortName": "Hitachi", "dateReserved": "2024-07-26T09:21:02.356Z", "datePublished": "2024-08-27T04:15:15.774Z", "dateUpdated": "2024-08-28T14:17:22.156Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Hitachi Ops Center Common Services", "vendor": "Hitachi", "versions": [{"changes": [{"at": "11.0.2-01", "status": "unaffected"}], "lessThan": "11.0.2-01", "status": "affected", "version": "10.9.3-00", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Authentication Bypass vulnerability in Hitachi Ops Center Common Services.<p>This issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.2-01.</p>"}], "value": "Authentication Bypass vulnerability in Hitachi Ops Center Common Services.This issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.2-01."}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-288", "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82", "shortName": "Hitachi", "dateUpdated": "2024-08-27T04:15:15.774Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-143/index.html"}], "source": {"advisory": "hitachi-sec-2024-143", "discovery": "UNKNOWN"}, "title": "Authentication Bypass Vulnerability in Hitachi Ops Center Common Services", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "hitachi", "product": "ops_center_common_services", "cpes": ["cpe:2.3:a:hitachi:ops_center_common_services:10.9.3-00:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "10.9.3-00", "status": "affected", "lessThan": "11.0.2-01", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-28T14:16:17.603187Z", "id": "CVE-2024-7125", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-28T14:17:22.156Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-7125", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-28T14:16:17.603187Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:hitachi:ops_center_common_services:10.9.3-00:*:*:*:*:*:*:*"], "vendor": "hitachi", "product": "ops_center_common_services", "versions": [{"status": "affected", "version": "10.9.3-00", "lessThan": "11.0.2-01", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-28T14:17:17.228Z"}}], "cna": {"title": "Authentication Bypass Vulnerability in Hitachi Ops Center Common Services", "source": {"advisory": "hitachi-sec-2024-143", "discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Hitachi", "product": "Hitachi Ops Center Common Services", "versions": [{"status": "affected", "changes": [{"at": "11.0.2-01", "status": "unaffected"}], "version": "10.9.3-00", "lessThan": "11.0.2-01", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-143/index.html", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Authentication Bypass vulnerability in Hitachi Ops Center Common Services.This issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.2-01.", "supportingMedia": [{"type": "text/html", "value": "Authentication Bypass vulnerability in Hitachi Ops Center Common Services.<p>This issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.2-01.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-288", "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"}]}], "providerMetadata": {"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82", "shortName": "Hitachi", "dateUpdated": "2024-08-27T04:15:15.774Z"}}}, "cveMetadata": {"cveId": "CVE-2024-7125", "state": "PUBLISHED", "dateUpdated": "2024-08-28T14:17:22.156Z", "dateReserved": "2024-07-26T09:21:02.356Z", "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82", "datePublished": "2024-08-27T04:15:15.774Z", "assignerShortName": "Hitachi"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hitachi:ops_center_common_services:*:*:*:*:*:*:*:*", "matchCriteriaId": "202B8EDA-9412-4B7F-B437-E20BBC0AABF4", "versionEndExcluding": "11.0.2-01", "versionStartIncluding": "10.9.3-00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Authentication Bypass vulnerability in Hitachi Ops Center Common Services.This issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.2-01."}, {"lang": "es", "value": "Vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en Hitachi Ops Center Common Services. Este problema afecta a los servicios comunes de Hitachi Ops Center: desde 10.9.3-00 antes de 11.0.2-01."}], "id": "CVE-2024-7125", "lastModified": "2025-01-21T19:10:14.850", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "hirt@hitachi.co.jp", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-08-27T05:15:13.307", "references": [{"source": "hirt@hitachi.co.jp", "tags": ["Vendor Advisory"], "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-143/index.html"}], "sourceIdentifier": "hirt@hitachi.co.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-288"}], "source": "hirt@hitachi.co.jp", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}]}