Headline
CVE-2023-5808
SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in a Storage administrative role are able to access HNAS configuration backup and diagnostic data, that would normally be barred to that specific administrative role.
Related news
Hitachi NAS SMU Backup And Restore Insecure Direct Object Reference
Hitachi NAS SMU Backup and Restore versions prior to 14.8.7825.01 suffer from an insecure direct object reference vulnerability.
CVE-2023-5808: Hitachi Vantara Support
Information disclosure in SMU in Hitachi Vantara HNAS 14.8.7825.01 on Windows allows authenticated users to download sensitive files via Insecure Direct Object Reference (IDOR).