CVE-2021-28052

medium

Description

A tenant administrator Hitachi Content Platform (HCP) may modify the configuration in another tenant without authorization, potentially allowing unauthorized access to data in the other tenant. Also, a tenant user (non-administrator) may view configuration in another tenant without authorization. This issue affects: Hitachi Vantara Hitachi Content Platform versions prior to 8.3.7; 9.0.0 versions prior to 9.2.3.

References

https://www.hitachi.com/hirt/hitachi-sec/2021/604.html

https://knowledge.hitachivantara.com/Security/HCP_Multitenancy_Vulnerability

Details

Source: Mitre, NVD

Published: 2022-09-26

Updated: 2022-09-28

Risk Information

CVSS v2

Base Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:M/C:C/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 4.9

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N