CVE-2022-4895

Improper Certificate Validation vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component) allows Man in the Middle Attack.This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.1-00.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.6 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
HitachiCNA
8.6 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 19%
VendorProductVersion
hitachiinfrastructure_analytics_advisor
2.0.0-00 ≤
𝑥
< 10.9.1-00
hitachiops_center_analyzer
10.0.0-00 ≤
𝑥
< 10.9.1-00
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-105/index.html
https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-105/index.html