CVE-2022-41552

EUVD-2022-44744

01.11.2022, 03:15

Server-Side Request Forgery (SSRF) vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Data Center Analytics, Analytics probe components), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe components) allows Server Side Request Forgery.
This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00.

SSRF

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Hitachi	CNA	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 60%

Affected Products (NVD)

Vendor	Product	Version
hitachi	infrastructure_analytics_advisor	2.0.0-00 ≤ 𝑥 ≤ 4.4.0-00
hitachi	ops_center_analyzer	10.0.0-00 ≤ 𝑥 < 10.9.0-00
hitachi	ops_center_viewpoint	10.8.0-00 ≤ 𝑥 < 10.9.0-00

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-918 - Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References

https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2022-134/index.html