CVE-2022-41552 Vulnerability Details

  /     /     /  

CVE-2022-41552 Metadata Quick Info

CVE Published: 01/11/2022 | CVE Updated: 03/08/2024 | CVE Year: 2022
Source: Hitachi | Vendor: Hitachi | Product: Hitachi Infrastructure Analytics Advisor
Status : PUBLISHED

CVE-2022-41552 Description

Server-Side Request Forgery (SSRF) vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Data Center Analytics, Analytics probe components), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe components) allows Server Side Request Forgery. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00.

Metrics

CVSS Version: 3.1 | Base Score: 9.8 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* NONE
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* HIGH
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-918
CWE Name: CWE-918 Server-Side Request Forgery (SSRF)
Source: Hitachi

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-664
CAPEC Description: CAPEC-664 Server Side Request Forgery