Headline
CVE-2023-5808: Hitachi Vantara Support
Information disclosure in SMU in Hitachi Vantara HNAS 14.8.7825.01 on Windows allows authenticated users to download sensitive files via Insecure Direct Object Reference (IDOR).
https://sso.hitachivantara.com/content/login-page.html?fromURI=https://hitachivantara.okta.com/app/hitachivantara_supportconnectportaloag_1/exk93s5svtkcaiA6I2p7/sso/saml
This site uses cookies from Hitachi and third parties for our own business purposes and to personalize your experience. By using this site, you agree to the use of cookies. For more information, visit Hitachi Cookies Policy.
Related news
Hitachi NAS SMU Backup and Restore versions prior to 14.8.7825.01 suffer from an insecure direct object reference vulnerability.
SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in a Storage administrative role are able to access HNAS configuration backup and diagnostic data, that would normally be barred to that specific administrative role.