Vulnerability Details : CVE-2021-41573
Hitachi Content Platform Anywhere (HCP-AW) 4.4.5 and later allows information disclosure. If authenticated user creates a link to a file or folder while the system was running version 4.3.x or earlier and then shares the link and then later deletes the file or folder without deleting the link and before the link expires. If the system has been upgraded to version 4.4.5 or 4.5.0 a malicious user with the link could browse and download all files of the authenticated user that created the link .
Vulnerability category: Information leak
Products affected by CVE-2021-41573
- cpe:2.3:a:hitachi:content_platform_anywhere:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-41573
0.20%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 40 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-41573
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
8.0
|
2.9
|
NIST | |
|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
MITRE | |
|
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
2.8
|
3.6
|
NIST |
CWE ids for CVE-2021-41573
-
The product makes files or directories accessible to unauthorized actors, even though they should not be.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-41573
-
https://www.hitachi.com/hirt/security/index.html
Security Information : Hitachi Incident Response Team : HitachiVendor Advisory
-
https://www.hitachi.com/hirt/hitachi-sec/2021/602.html
hitachi-sec-2021-602Hitachi Content Platform Anywhere Information Disclosure Vulnerability : Hitachi Incident Response Team : HitachiVendor Advisory
Jump to