CVE-2024-22385 - OpenCVE

Incorrect Default Permissions vulnerability in Hitachi Storage Provider for VMware vCenter allows local users to read and write specific files.This issue affects Hitachi Storage Provider for VMware vCenter: from 3.1.0 before 3.7.4.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

No data.

No data.

References

Link	Resource
https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-129/index.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Hitachi

Published: 2024-06-25T01:34:24.077Z

Updated: 2024-06-25T15:20:01.757Z

Reserved: 2024-01-10T04:05:26.073Z

Link: CVE-2024-22385

JSON object: View

NVD Information

Status : Awaiting Analysis

Published: 2024-06-25T02:15:10.583

Modified: 2024-06-25T12:24:17.873

Link: CVE-2024-22385

JSON object: View

Redhat Information

No data.

CWE

CWE-276

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-22385", "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82", "state": "PUBLISHED", "assignerShortName": "Hitachi", "dateReserved": "2024-01-10T04:05:26.073Z", "datePublished": "2024-06-25T01:34:24.077Z", "dateUpdated": "2024-06-25T15:20:01.757Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Hitachi Storage Provider for VMware vCenter", "vendor": "Hitachi", "versions": [{"changes": [{"at": "3.7.4", "status": "unaffected"}], "lessThan": "3.7.4", "status": "affected", "version": "3.1.0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Incorrect Default Permissions vulnerability in Hitachi Storage Provider for VMware vCenter allows local users to read and write specific files.<p>This issue affects Hitachi Storage Provider for VMware vCenter: from 3.1.0 before 3.7.4.</p>"}], "value": "Incorrect Default Permissions vulnerability in Hitachi Storage Provider for VMware vCenter allows local users to read and write specific files.This issue affects Hitachi Storage Provider for VMware vCenter: from 3.1.0 before 3.7.4."}], "impacts": [{"capecId": "CAPEC-165", "descriptions": [{"lang": "en", "value": "CAPEC-165 File Manipulation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82", "shortName": "Hitachi", "dateUpdated": "2024-06-25T01:34:24.077Z"}, "references": [{"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-129/index.html"}], "source": {"advisory": "hitachi-sec-2024-129", "discovery": "UNKNOWN"}, "title": "File and Directory Permission Vulnerability in Hitachi Storage Provider for VMware vCenter", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-25T15:19:51.578417Z", "id": "CVE-2024-22385", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-25T15:20:01.757Z"}}]}}